PT-2022-20641 · Suse · Opensuse Leap Micro+3
Martin Wilck +1 · Published 2022-09-19 · Updated 2024-06-15 · CVE-2022-31252
CVSS v3.1: 4.4 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707
openSUSE Leap 15.3 permissions versions prior to 20200127
openSUSE Leap 15.4 permissions versions prior to 20201225
openSUSE Leap Micro 5.2 permissions versions prior to 20181225
Description
An Incorrect Authorization vulnerability in the chkstat component. chkstat did not consider group-writable path components, so a local attacker who belongs to a group that can write to a location on the path to a privileged binary could influence path resolution.
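The check described above can be reproduced as an audit of every component on the path to a privileged binary. The following is an added example, not code from chkstat or the permissions package; the function names, the default of trusting only gid 0, and the temporary tree built in `demo()` are assumptions made for illustration.

```python
import os
import stat
import tempfile
from typing import NamedTuple

class Finding(NamedTuple):
    path: str   # path component that is group-writable
    mode: str   # symbolic mode, e.g. drwxrwxr-x
    gid: int    # owning group of that component

def path_components(target: str) -> list[str]:
    """Every prefix of the absolute path, from '/' down to the target itself."""
    parts = [os.path.abspath(target)]
    while (parent := os.path.dirname(parts[-1])) != parts[-1]:
        parts.append(parent)
    return parts[::-1]

def group_writable_components(target, trusted_gids=frozenset({0})):
    """Flag components whose group may write and whose gid is not trusted.

    Assumption: only gid 0 is trusted by default. os.stat() follows symlinks,
    so a symlinked component is judged by the directory it points to.
    """
    findings = []
    for comp in path_components(target):
        st = os.stat(comp)
        if st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
            findings.append(Finding(comp, stat.filemode(st.st_mode), st.st_gid))
    return findings

def demo():
    """Constructed tree <tmp>/opt/helper: audit with opt at 0775, then at 0755."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        opt = os.path.join(tmp, "opt")
        os.mkdir(opt)
        os.chmod(opt, 0o775)                     # group-writable directory
        helper = os.path.join(opt, "helper")
        open(helper, "w").close()
        os.chmod(helper, 0o755)                  # stands in for the binary

        def audit():
            # Trust no group so the result does not depend on who runs it,
            # and report only components inside the constructed tree.
            hits = group_writable_components(helper, trusted_gids=frozenset())
            return [os.path.relpath(f.path, tmp) for f in hits
                    if f.path.startswith(tmp + os.sep)]

        before = audit()
        os.chmod(opt, 0o755)                     # remove group write
        return before, audit()

if __name__ == "__main__":
    print(demo())
```

On a real system, call `group_writable_components()` on each setuid, setgid or capability-bearing binary and review any component it reports.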
Recommendations
For SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707, update to a version after 20170707 to resolve the issue.
For openSUSE Leap 15.3 permissions versions prior to 20200127, update to a version after 20200127 to resolve the issue.
For openSUSE Leap 15.4 permissions versions prior to 20201225, update to a version after 20201225 to resolve the issue.
For openSUSE Leap Micro 5.2 permissions versions prior to 20181225, update to a version after 20181225 to resolve the issue.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Suse Linux Enterprise Server
Suse
Opensuse Leap
Opensuse Leap Micro