CVE-2022-31252 - OpenCVE

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opensuse	Leap Leap Micro
Suse	Linux Enterprise Server

Configuration 1 [-]

OR	cpe:2.3:o:opensuse:leap:15.3:::::::*
	cpe:2.3:o:opensuse:leap:15.4:::::::*
	cpe:2.3:o:opensuse:leap_micro:5.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:12:sp5::::::

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1203018

History

No history.

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2022-10-06T17:14:05.294457Z

Updated: 2024-09-16T18:40:06.727Z

Reserved: 2022-05-20T00:00:00

Link: CVE-2022-31252

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-10-06T18:16:01.710

Modified: 2022-11-07T20:20:15.843

Link: CVE-2022-31252

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-31252", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "datePublished": "2022-10-06T17:14:05.294457Z", "dateUpdated": "2024-09-16T18:40:06.727Z", "dateReserved": "2022-05-20T00:00:00"}, "containers": {"cna": {"title": "permissions: chkstat does not check for group-writable parent directories or target files in safeOpen()", "datePublic": "2022-09-02T00:00:00", "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2022-10-11T00:00:00"}, "descriptions": [{"lang": "en", "value": "A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225."}], "affected": [{"vendor": "SUSE", "product": "SUSE Linux Enterprise Server 12-SP5", "versions": [{"version": "permissions", "status": "affected", "lessThan": "20170707", "versionType": "custom"}]}, {"vendor": "openSUSE", "product": "openSUSE Leap 15.3", "versions": [{"version": "permissions", "status": "affected", "lessThan": "20200127", "versionType": "custom"}]}, {"vendor": "openSUSE", "product": "openSUSE Leap 15.4", "versions": [{"version": "permissions", "status": "affected", "lessThan": "20201225", "versionType": "custom"}]}, {"vendor": "openSUSE", "product": "openSUSE Leap Micro 5.2", "versions": [{"version": "permissions", "status": "affected", "lessThan": "20181225", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1203018"}], "credits": [{"lang": "en", "value": "Martin Wilck from SUSE"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-863: Incorrect Authorization", "cweId": "CWE-863"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1203018", "defect": ["1203018"], "discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:11:39.924Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1203018", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.3:*:*:*:*:*:*:*", "matchCriteriaId": "090F0D1A-6BF8-4810-8942-3FFE4FBF7FE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:*", "matchCriteriaId": "BE80EB04-7F9D-4C0B-85DB-4A13DEACB5E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap_micro:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "71185E66-2527-46B5-AEEB-23EB741E9029", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:*", "matchCriteriaId": "29AE5751-3EA5-4056-8E79-16D8DCD248EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225."}, {"lang": "es", "value": "Una vulnerabilidad de autorizaci\u00f3n incorrecta en chkstat de SUSE Linux Enterprise Server versi\u00f3n 12-SP5; openSUSE Leap versi\u00f3n 15.3, openSUSE Leap versi\u00f3n 15.4, openSUSE Leap Micro versi\u00f3n 5.2, no ten\u00eda en cuenta los componentes de la ruta de escritura del grupo, lo que permit\u00eda a atacantes locales con acceso a un grupo lo que puede escribir en una ubicaci\u00f3n incluida en la ruta de un binario privilegiado para influir en la resoluci\u00f3n de la ruta. Este problema afecta a: SUSE Linux Enterprise Server 12-SP5 versiones de permisos anteriores a 20170707. openSUSE Leap 15.3 versiones de permisos anteriores a 20200127. openSUSE Leap 15.4 versiones de permisos anteriores a 20201225. openSUSE Leap Micro 5.2 versiones de permisos anteriores a 20181225"}], "id": "CVE-2022-31252", "lastModified": "2022-11-07T20:20:15.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2022-10-06T18:16:01.710", "references": [{"source": "meissner@suse.de", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1203018"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "meissner@suse.de", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Secondary"}]}