CVE-2022-31254

Severity
7.8 HIGH
EPSS
0.0%
top 86.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 7

Description

An Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (6 packages)

CVEListV5 | suse/suse_linux_enterprise_server_for_sap_15 | rmt-server | 2.10
CVEListV5 | suse/suse_manager_server_4.1 | rmt-server | 2.10
CVEListV5 | opensuse/opensuse_leap_15.3 | rmt-server | 2.10

Vulnerability Details (2)
CVEList
rmt-server-pubcloud allows to escalate from user _rmt to root | 2023-02-07
GHSA
GHSA-hqw6-rjpx-2wf4: An Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Serve | 2023-02-07