CVE-2022-21950 - OpenCVE

A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Opensuse	Canna Factory Backports Sle
Suse	Linux Enterprise

Configuration 1 [-]

AND

cpe:2.3:a:opensuse:canna:*:*:*:*:*:*:*:*

cpe:2.3:a:opensuse:backports_sle:15.0:sp3:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:opensuse:canna:*:*:*:*:*:*:*:*

cpe:2.3:a:opensuse:backports_sle:15.0:sp4:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:opensuse:canna:3.7p3:*:*:*:*:*:*:*

OR	cpe:2.3:a:opensuse:factory:-:::::::*
	cpe:2.3:o:suse:linux_enterprise:12.0:::::::*

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=1199280	Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: suse

Published: 2022-09-07T00:00:00

Updated: 2023-01-19T00:00:00

Reserved: 2021-12-16T00:00:00

Link: CVE-2022-21950

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-07T09:15:08.670

Modified: 2023-04-14T18:50:52.760

Link: CVE-2022-21950

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:canna:*:*:*:*:*:*:*:*", "matchCriteriaId": "627905AC-CD77-4169-B771-A681688BAA3A", "versionEndExcluding": "3.7p3-bp153.2.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "4847454B-DCD3-4F32-833E-6E51A90F06E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:canna:*:*:*:*:*:*:*:*", "matchCriteriaId": "345554AF-5541-4D24-8FDB-1F0648F492FE", "versionEndExcluding": "3.7p3-bp154.3.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "842598F5-31B5-42D2-930C-B405314217B1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:canna:3.7p3:*:*:*:*:*:*:*", "matchCriteriaId": "C62B2B23-EA58-4EE8-B7AD-4FD074A64332", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*", "matchCriteriaId": "E29492E1-43D8-43BF-94E3-26A762A66FAA", "vulnerable": false}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there."}, {"lang": "es", "value": "Una vulnerabilidad de Control de Acceso inapropiado en el servicio systemd de cana en openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 permite a usuarios locales secuestrar el socket de dominio UNIX Este problema afecta a: openSUSE Backports SLE-15-SP3 versiones de canna anteriores a canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 versiones de canna anteriores a 3.7p3-bp154.3.3.1. openSUSE Factory tambi\u00e9n est\u00e1 afectado. En lugar de arreglar el paquete fue eliminado all\u00ed"}], "id": "CVE-2022-21950", "lastModified": "2023-04-14T18:50:52.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2022-09-07T09:15:08.670", "references": [{"source": "meissner@suse.de", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1199280"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "meissner@suse.de", "type": "Primary"}]}