PT-2022-15196 · Opensuse · Screen

Matthias Gerstner

Published

2022-03-16

Updated

2024-06-15

CVE-2022-21946

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions openSUSE Factory cscreen versions 1.2-1.3 and prior versions.

Description A vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen session.

Recommendations For openSUSE Factory cscreen versions 1.2-1.3 and prior versions, update to a version that fixes the sudoers configuration issue to prevent local users from gaining unauthorized privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2022-21946

OPENSUSE-SU-2024:11924-1

Affected Products

Screen

PT-2022-15196 · Opensuse · Screen

CVE-2022-21946

Weakness Enumeration

Related Identifiers

Affected Products

References · 8