CVE-2022-31254

Published: Feb 7, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.

Affected (1)

Products: Opensuse: Rmt Server

Opensuse

1 product

Rmt Server

Configuration A

1 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Opensuse Rmt Server	Before 2.10

Running on/with	Platform Versions
Opensuse Leap	Version 15.3
Opensuse Leap	Version 15.4
Suse Linux Enterprise Server	Version 15
Suse Linux Enterprise Server	Version 15 sp1
Suse Manager Server	Version 4.1

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://bugzilla.suse.com/show_bug.cgi?id=1204285

Source: meissner@suse.de

ExploitIssue TrackingVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1204285

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.