{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3560", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T01:14:02.456Z", "dateReserved": "2022-10-17T00:00:00", "datePublished": "2023-02-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-02-02T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack."}], "affected": [{"vendor": "n/a", "product": "pesign", "versions": [{"version": "All versions up to pesign-115", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135420#c0"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-22->CWE-269", "cweId": "CWE-22"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:14:02.456Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135420#c0", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pesign_project:pesign:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EB485F6-54E4-4678-B085-49FDCE9B51C1", "versionEndExcluding": "116", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack."}], "id": "CVE-2022-3560", "lastModified": "2024-11-21T07:19:46.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-02T21:22:38.193", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135420#c0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135420#c0"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2023:1093", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "pesign-0:0.109-11.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-03-07T00:00:00Z"}, {"advisory": "RHSA-2023:1572", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "pesign-0:0.112-27.el8_7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-04-04T00:00:00Z"}, {"advisory": "RHSA-2023:1586", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "pesign-0:0.112-25.el8_1.1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-04-04T00:00:00Z"}, {"advisory": "RHSA-2023:1107", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "pesign-0:0.112-25.el8_2.1", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-03-07T00:00:00Z"}, {"advisory": "RHSA-2023:1107", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "pesign-0:0.112-25.el8_2.1", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-03-07T00:00:00Z"}, {"advisory": "RHSA-2023:1107", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "pesign-0:0.112-25.el8_2.1", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-03-07T00:00:00Z"}, {"advisory": "RHSA-2023:1066", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "pesign-0:0.112-25.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-03-06T00:00:00Z"}, {"advisory": "RHSA-2023:1829", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "pesign-0:0.112-27.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-04-18T00:00:00Z"}, {"advisory": "RHSA-2023:1067", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "pesign-0:115-6.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-03-06T00:00:00Z"}, {"advisory": "RHSA-2023:1065", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "pesign-0:115-6.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-03-06T00:00:00Z"}], "bugzilla": {"description": "pesign: Local privilege escalation on pesign systemd service", "id": "2135420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135420"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-22", "details": ["A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.", "A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack."], "name": "CVE-2022-3560", "public_date": "2023-01-31T15:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3560\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3560"], "threat_severity": "Important", "upstream_fix": "pesign 116"}