PT-2023-1337 · Pesign+8

Marco Benatto · Published 2023-01-31 · Updated 2025-03-26 · CVE-2022-3560

CVSS v2.0: 6.8 Medium
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
pesign (affected versions not specified)

Description
The issue is a path traversal vulnerability in the pesign daemon, which runs as a systemd service. An attacker could use it to gain access to privileged files and directories, potentially leading to elevated privileges. The vulnerability exists because the script does not check for symbolic links when setting ACLs for the /etc/pki/pesign and /run/pesign directories.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Path traversal
Improper Privilege Management

Related Identifiers

ALSA-2023:1067
ALSA-2023:1572
ALT-PU-2023-4417
ALT-PU-2024-5107
ALT-PU-2024-7744
AZL-13293
BDU:2023-00640
CESA-2023_1093
CESA-2023_1572
CVE-2022-3560
INFSA-2023_1067
OESA-2023-1119
OESA-2023-1159
OPENSUSE-SU-2024:12672-1
RHSA-2023:1065
RHSA-2023:1066
RHSA-2023:1067
RHSA-2023:1093
RHSA-2023:1107
RHSA-2023:1572
RHSA-2023:1586
RHSA-2023:1829
RHSA-2023_1067
RHSA-2023_1093
RHSA-2023_1572
RLSA-2023:1067
RLSA-2023:1572
ROSA-SA-2023-2132
ROSA-SA-2023-2225
SUSE-SU-2023:0484-1
SUSE-SU-2023_0484-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
Red Hat
RED OS
Rocky Linux
SUSE
Pesign