OpenCVE

is_closing_session() allows users to create arbitrary tcp dbus connections

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apport Project	Apport
Canonical	Ubuntu Linux

Configuration 1 [-]

cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:21.10::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::

No data.

References

Link	Providers
https://ubuntu.com/security/notices/USN-5427-1
https://www.cve.org/CVERecord?id=CVE-2022-28655

History

Sun, 27 Oct 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2024-06-04T21:56:50.616Z

Updated: 2024-10-27T17:49:04.264Z

Reserved: 2022-04-05T02:16:30.819Z

Link: CVE-2022-28655

Vulnrichment

Updated: 2024-08-03T05:56:16.459Z

NVD

Status : Modified

Published: 2024-06-04T22:15:09.940

Modified: 2024-10-27T18:35:01.410

Link: CVE-2022-28655

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-28655", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "state": "PUBLISHED", "assignerShortName": "canonical", "dateReserved": "2022-04-05T02:16:30.819Z", "datePublished": "2024-06-04T21:56:50.616Z", "dateUpdated": "2024-10-27T17:49:04.264Z"}, "containers": {"cna": {"affected": [{"packageName": "apport", "product": "Apport", "vendor": "Canonical Ltd.", "repo": "https://github.com/canonical/apport", "platforms": ["Linux"], "versions": [{"lessThan": "2.21.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "is_closing_session() allows users to create arbitrary tcp dbus connections"}], "references": [{"tags": ["vendor-advisory"], "url": "https://ubuntu.com/security/notices/USN-5427-1"}, {"tags": ["issue-tracking"], "url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"}], "credits": [{"lang": "en", "type": "finder", "value": "Gerrit Venema"}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-06-04T21:56:50.616Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:56:16.459Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-5427-1"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-770", "lang": "en", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-06T14:08:24.480412Z", "id": "CVE-2022-28655", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-27T17:49:04.264Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://ubuntu.com/security/notices/USN-5427-1", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2022-28655", "tags": ["issue-tracking", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:56:16.459Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-28655", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-06T14:08:24.480412Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T14:59:03.597Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Gerrit Venema"}], "affected": [{"repo": "https://github.com/canonical/apport", "vendor": "Canonical Ltd.", "product": "Apport", "versions": [{"status": "affected", "version": "0", "lessThan": "2.21.0", "versionType": "semver"}], "platforms": ["Linux"], "packageName": "apport"}], "references": [{"url": "https://ubuntu.com/security/notices/USN-5427-1", "tags": ["vendor-advisory"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2022-28655", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "is_closing_session() allows users to create arbitrary tcp dbus connections"}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2024-06-04T21:56:50.616Z"}}}, "cveMetadata": {"cveId": "CVE-2022-28655", "state": "PUBLISHED", "dateUpdated": "2024-10-27T17:49:04.264Z", "dateReserved": "2022-04-05T02:16:30.819Z", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "datePublished": "2024-06-04T21:56:50.616Z", "assignerShortName": "canonical"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD92D087-0439-48BE-9B32-5156B335A145", "versionEndExcluding": "2.21.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:-:*:*:*", "matchCriteriaId": "3D94DA3B-FA74-4526-A0A0-A872684598C6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "is_closing_session() allows users to create arbitrary tcp dbus connections"}, {"lang": "es", "value": "is_closing_session() permite a los usuarios crear conexiones tcp dbus arbitrarias"}], "id": "CVE-2022-28655", "lastModified": "2024-10-27T18:35:01.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-04T22:15:09.940", "references": [{"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/notices/USN-5427-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}