CVE-2022-21946

CWE-732Incorrect Permission AssignmentCWE-269Improper Privilege Management3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.0%
top 89.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Opensuse FactoryOpensuse Cscreen
Timeline
PublishedMar 16
Latest updateMar 17

Description

A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

NVDopensuse/cscreen1.21.3
CVEListV5opensuse/factorycscreen1.2-1.3

🔴Vulnerability Details

2
GHSA
GHSA-wj8w-cmvq-mfv8: A Improper Privilege Management vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privilege2022-03-17
CVEList
suddoers configuration for cscreen not restrictive enough2022-03-16
CVE-2022-21946 (MEDIUM CVSS 5.3) | A Incorrect Permission Assignment f | cvebase.io