PT-2022-20642 · Suse · Release-Notes-Susemanager+5
Paolo Perego · Published 2022-11-04 · Updated 2022-11-16 · CVE-2022-31255
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise Module for SUSE Manager Server 4.2 versions prior to 4.2.28
SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39
SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10
Description
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') issue allows remote attackers to read files available to the user running the process, typically tomcat.
Recommendations
For SUSE Linux Enterprise Module for SUSE Manager Server 4.2, update to version 4.2.28 or later.
For SUSE Linux Enterprise Module for SUSE Manager Server 4.3, update spacewalk-java to version 4.3.39 or later.
For SUSE Manager Server 4.2, update release-notes-susemanager to version 4.2.10 or later.
Fix
Path traversal
Affected Products
Suse Linux Enterprise Module For Suse Manager Server 4.2
Suse Linux Enterprise Module For Suse Manager Server 4.3
Suse Manager Server 4.2
Suse
Release-Notes-Susemanager
Spacewalk-Java