cve-2022-31252
Vulnerability from cvelistv5
Published
2022-10-06 17:14
Modified
2024-09-16 18:40
Severity
4.4 (Medium) - cvssV3_1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
permissions: chkstat does not check for group-writable parent directories or target files in safeOpen()
References
SourceURLTags
meissner@suse.dehttps://bugzilla.suse.com/show_bug.cgi?id=1203018Issue Tracking, Vendor Advisory
Impacted products
VendorProduct
SUSESUSE Linux Enterprise Server 12-SP5
openSUSEopenSUSE Leap 15.3
openSUSEopenSUSE Leap 15.4
openSUSEopenSUSE Leap Micro 5.2
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:11:39.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1203018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SUSE Linux Enterprise Server 12-SP5",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "20170707",
              "status": "affected",
              "version": "permissions",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "openSUSE Leap 15.3",
          "vendor": "openSUSE",
          "versions": [
            {
              "lessThan": "20200127",
              "status": "affected",
              "version": "permissions",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "openSUSE Leap 15.4",
          "vendor": "openSUSE",
          "versions": [
            {
              "lessThan": "20201225",
              "status": "affected",
              "version": "permissions",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "openSUSE Leap Micro 5.2",
          "vendor": "openSUSE",
          "versions": [
            {
              "lessThan": "20181225",
              "status": "affected",
              "version": "permissions",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Martin Wilck from SUSE"
        }
      ],
      "datePublic": "2022-09-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-11T00:00:00",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1203018"
        }
      ],
      "source": {
        "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1203018",
        "defect": [
          "1203018"
        ],
        "discovery": "INTERNAL"
      },
      "title": "permissions: chkstat does not check for group-writable parent directories or target files in safeOpen()",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2022-31252",
    "datePublished": "2022-10-06T17:14:05.294457Z",
    "dateReserved": "2022-05-20T00:00:00",
    "dateUpdated": "2024-09-16T18:40:06.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-31252\",\"sourceIdentifier\":\"meissner@suse.de\",\"published\":\"2022-10-06T18:16:01.710\",\"lastModified\":\"2022-11-07T20:20:15.843\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de autorizaci\u00f3n incorrecta en chkstat de SUSE Linux Enterprise Server versi\u00f3n 12-SP5; openSUSE Leap versi\u00f3n 15.3, openSUSE Leap versi\u00f3n 15.4, openSUSE Leap Micro versi\u00f3n 5.2, no ten\u00eda en cuenta los componentes de la ruta de escritura del grupo, lo que permit\u00eda a atacantes locales con acceso a un grupo lo que puede escribir en una ubicaci\u00f3n incluida en la ruta de un binario privilegiado para influir en la resoluci\u00f3n de la ruta. Este problema afecta a: SUSE Linux Enterprise Server 12-SP5 versiones de permisos anteriores a 20170707. openSUSE Leap 15.3 versiones de permisos anteriores a 20200127. openSUSE Leap 15.4 versiones de permisos anteriores a 20201225. openSUSE Leap Micro 5.2 versiones de permisos anteriores a 20181225\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5},{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"meissner@suse.de\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"090F0D1A-6BF8-4810-8942-3FFE4FBF7FE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE80EB04-7F9D-4C0B-85DB-4A13DEACB5E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap_micro:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71185E66-2527-46B5-AEEB-23EB741E9029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"29AE5751-3EA5-4056-8E79-16D8DCD248EF\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1203018\",\"source\":\"meissner@suse.de\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.