OpenCVE

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opensuse	Leap
Suse	Linux Enterprise Module For Sap Applications Linux Enterprise Server

Configuration 1 [-]

OR	cpe:2.3:a:suse:linux_enterprise_module_for_sap_applications:15:sp1::::::
	cpe:2.3:o:opensuse:leap:15.4:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:12:sp5::::sap::*

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1205990

History

No history.

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2023-02-15T00:00:00

Updated: 2024-08-03T14:09:55.968Z

Reserved: 2022-11-11T00:00:00

Link: CVE-2022-45153

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-02-15T10:15:16.970

Modified: 2023-02-24T18:57:30.060

Link: CVE-2022-45153

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45153", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "dateUpdated": "2024-08-03T14:09:55.968Z", "dateReserved": "2022-11-11T00:00:00", "datePublished": "2023-02-15T00:00:00"}, "containers": {"cna": {"title": "saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls", "datePublic": "2023-01-02T00:00:00", "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2023-02-15T00:00:00"}, "descriptions": [{"lang": "en", "value": "An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e."}], "affected": [{"vendor": "SUSE", "product": "SUSE Linux Enterprise Module for SAP Applications 15-SP1", "versions": [{"version": "saphanabootstrap-formula", "status": "affected", "lessThan": "0.13.1+git.1667812208.4db963e", "versionType": "custom"}]}, {"vendor": "SUSE", "product": "SUSE Linux Enterprise Server for SAP 12-SP5", "versions": [{"version": "saphanabootstrap-formula", "status": "affected", "lessThan": "0.13.1+git.1667812208.4db963e", "versionType": "custom"}]}, {"vendor": "openSUSE", "product": "openSUSE Leap 15.4", "versions": [{"version": "saphanabootstrap-formula", "status": "affected", "lessThan": "0.13.1+git.1667812208.4db963e", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1205990"}], "credits": [{"lang": "en", "value": "Johannes Segitz of SUSE"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-276: Incorrect Default Permissions", "cweId": "CWE-276"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1205990", "defect": ["1205990"], "discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:09:55.968Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1205990", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:linux_enterprise_module_for_sap_applications:15:sp1:*:*:*:*:*:*", "matchCriteriaId": "B1D4273D-67F7-4E62-8EF6-6C7F832269D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:*", "matchCriteriaId": "BE80EB04-7F9D-4C0B-85DB-4A13DEACB5E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*", "matchCriteriaId": "471E110C-10CC-4C36-BDE1-BBB27EF5C6EA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e."}], "id": "CVE-2022-45153", "lastModified": "2023-02-24T18:57:30.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2023-02-15T10:15:16.970", "references": [{"source": "meissner@suse.de", "tags": ["Exploit", "Issue Tracking"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1205990"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "meissner@suse.de", "type": "Primary"}]}