{}

{}

{}

{"bugzilla": {"description": "tomcat: Escalation to root from tomcat user via %post script", "id": "2271114", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271114"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-269", "details": ["A flaw was found in the Tomcat package of OpenSUSE and derived distributions. This issue occurs due to incorrect permissions and a race condition in the %post section of the Tomcat RPM package, resulting in local privilege escalation when the Tomcat package is re-installed."], "name": "CVE-2024-22029", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "tomcat6", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pki-deps:10.6/pki-servlet-engine", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "pki-servlet-engine", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "tomcat", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-22029\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-22029\nhttps://bugzilla.suse.com/show_bug.cgi?id=1219208\nhttps://bz.apache.org/bugzilla/show_bug.cgi?id=68663"], "statement": "This flaw is specific to OpenSUSE and derived distributions. Therefore, Red Hat products are not affected by this issue.", "threat_severity": "Moderate"}