CVE-2022-31254
published 2023-02-07CVE-2022-31254: A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opensuse | opensuse_leap_15.3 | >= rmt-server < 2.10 | 2.10 |
| opensuse | opensuse_leap_15.4 | >= rmt-server < 2.10 | 2.10 |
| opensuse | rmt-server | < 2.10 | 2.10 |
| suse | suse_linux_enterprise_server_for_sap_15 | >= rmt-server < 2.10 | 2.10 |
| suse | suse_linux_enterprise_server_for_sap_15-sp1 | >= rmt-server < 2.10 | 2.10 |
| suse | suse_manager_server_4.1 | >= rmt-server < 2.10 | 2.10 |