CVE-2022-21950

Published: Sep 7, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.8 / Impact: 3.4

Source: NVD

Description

A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.

Affected (3)

Products: Opensuse: Canna

Opensuse

1 product

Canna

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Opensuse Canna	Before 3.7p3-bp153.2.3.1

Running on/with	Platform Versions
Opensuse Backports Sle	Version 15.0 sp3

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Opensuse Canna	Before 3.7p3-bp154.3.3.1

Running on/with	Platform Versions
Opensuse Backports Sle	Version 15.0 sp4

Configuration C

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Opensuse Canna	Version 3.7p3

Running on/with	Platform Versions
Opensuse Factory	All versions
Suse Linux Enterprise	Version 12.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://bugzilla.suse.com/show_bug.cgi?id=1199280

Source: meissner@suse.de

Issue TrackingVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1199280

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.