Home > Vulnerability Database > CVE-2022-31252

Mend.io Vulnerability Database

CVE-2022-31252

Date: October 6, 2022

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.

Language: Python

Severity Score

4.4

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31252

Url: https://bugzilla.suse.com/show_bug.cgi?id=1203018

Url: https://github.com/openSUSE/permissions/commit/4d165f472aa2a4d82967084a5519e3b9ad9bfea6

Url: https://github.com/openSUSE/permissions/pull/152

Url: https://www.cve.org/CVERecord?id=CVE-2022-31252

Url: https://www.mend.io/vulnerability-database/CVE-2022-31252

Severity Score

4.4

Weakness Type (CWE)

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31252

Date: October 6, 2022

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?