CVE-2022-21950

A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.
References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1199280 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:opensuse:canna:*:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp3:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:opensuse:canna:*:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp4:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:opensuse:canna:3.7p3:*:*:*:*:*:*:*
OR cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

History

14 Apr 2023, 18:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8
v2 : unknown
v3 : 5.3

13 Sep 2022, 22:51

Type Values Removed Values Added
References (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1199280 - (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1199280 - Issue Tracking, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:opensuse:backports_sle:15.0:sp4:*:*:*:*:*:*
cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp3:*:*:*:*:*:*
cpe:2.3:a:opensuse:canna:*:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:canna:3.7p3:*:*:*:*:*:*:*

07 Sep 2022, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-07 09:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-21950

Mitre link : CVE-2022-21950

CVE.ORG link : CVE-2022-21950


JSON object : View

Products Affected

suse

  • linux_enterprise

opensuse

  • canna
  • factory
  • backports_sle
CWE
CWE-284

Improper Access Control