CVE-2022-45153

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 81.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Opensuse Opensuse Leap 15.4Suse Suse Linux Enterprise Module FOR SAP Applications 15-sp1Suse Suse Linux Enterprise Server FOR SAP 12-sp5+3 more
Timeline
PublishedFeb 15

Description

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphan

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages6 packages

CVEListV5suse/suse_linux_enterprise_module_for_sap_applications_15-sp1saphanabootstrap-formula0.13.1+git.1667812208.4db963e
CVEListV5suse/suse_linux_enterprise_server_for_sap_12-sp5saphanabootstrap-formula0.13.1+git.1667812208.4db963e
CVEListV5opensuse/opensuse_leap_15.4saphanabootstrap-formula0.13.1+git.1667812208.4db963e

🔴Vulnerability Details

2
GHSA
GHSA-4g85-9mh4-6cw4: An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Ent2023-02-15
CVEList
saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls2023-02-15