CVE-2022-21950: Improper Access Control in Backports SLE-15-SP3

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.1% (top 73.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 7
Latest update: Sep 8

Description

An Improper Access Control vulnerability in the systemd service of canna in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket. This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package, it was deleted there.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.8 | Impact: 3.4

Affected Packages (3 packages)

CVEListV5 | opensuse/opensuse_backports_sle-15-sp3 | canna | canna-3.7p3-bp153.2.3.1
CVEListV5 | opensuse/opensuse_backports_sle-15-sp4 | canna | 3.7p3-bp154.3.3.1
NVD | opensuse/canna | < 3.7p3-bp153.2.3.1 | +2

🔴 Vulnerability Details (2)

GHSA | GHSA-3485-7x7c-qrw2: An Improper Access Control vulnerability in the systemd service of canna in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local us | 2022-09-08
CVEList | canna: unsafe handling of /tmp/.iroha_unix directory | 2022-09-07
CVE-2022-21950 — Improper Access Control | cvebase