| Vulnerability Name: | CVE-2022-31250 (CCN-231988) | ||||||||||||||||||||
| Assigned: | 2022-06-23 | ||||||||||||||||||||
| Published: | 2022-06-23 | ||||||||||||||||||||
| Updated: | 2022-11-08 | ||||||||||||||||||||
| Summary: | A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||||
| CVSS v2 Severity: | 6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:N)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-59 | ||||||||||||||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-31250 Source: CCN Type: Bugzilla - Bug 1200885 (CVE-2022-31250) VUL-0: CVE-2022-31250: keylime: %post scriplet allows for privilege escalation from keylime user to root Source: CONFIRM Type: Exploit, Issue Tracking, Vendor Advisory https://bugzilla.suse.com/show_bug.cgi?id=1200885 Source: XF Type: UNKNOWN opensuse-cve202231250-symlink(231988) Source: CCN Type: openSUSE Web site keylime | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||