CVE-2022-31251

CWE-276Incorrect Default PermissionsCWE-362Race Condition5 documents5 sources
Severity
6.3MEDIUM
EPSS
0.0%
top 90.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse Opensuse FactoryOpensuse Factory
Timeline
PublishedSep 7
Latest updateSep 8

Description

A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:HExploitability: 1.0 | Impact: 5.5

Affected Packages2 packages

NVDopensuse/factory< 22.05.2-3.3
CVEListV5suse/opensuse_factoryslurm22.05.2-3.3

🔴Vulnerability Details

3
GHSA
GHSA-rw8f-7p48-8m3h: A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the2022-09-08
OSV
CVE-2022-31251: A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the2022-09-07
CVEList
slurm: %post for slurm-testsuite operates as root in user owned directory2022-09-07

📋Vendor Advisories

1
Debian
CVE-2022-31251: slurm-wlm - A Incorrect Default Permissions vulnerability in the packaging of the slurm test...2022
CVE-2022-31251 (MEDIUM CVSS 6.3) | A Incorrect Default Permissions vul | cvebase.io