Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for openSUSE Leap 15.3 by openSUSE

    CVE-2022-31254 (GCVE-0-2022-31254)

    Vulnerability from nvd – Published: 2023-02-07 00:00 – Updated: 2025-03-25 15:40
    VLAI
    Title
    rmt-server-pubcloud allows to escalate from user _rmt to root
    Summary
    A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Date Public
    2023-01-03 00:00
    Credits
    Johannes Segitz of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:11:39.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204285"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31254",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T15:40:20.381091Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T15:40:27.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise Server for SAP 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.10",
                  "status": "affected",
                  "version": "rmt-server",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server for SAP 15-SP1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.10",
                  "status": "affected",
                  "version": "rmt-server",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Manager Server 4.1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.10",
                  "status": "affected",
                  "version": "rmt-server",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.3",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "2.10",
                  "status": "affected",
                  "version": "rmt-server",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.4",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "2.10",
                  "status": "affected",
                  "version": "rmt-server",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Johannes Segitz of SUSE"
            }
          ],
          "datePublic": "2023-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276: Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-07T00:00:00.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204285"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1204285",
            "defect": [
              "1204285"
            ],
            "discovery": "INTERNAL"
          },
          "title": "rmt-server-pubcloud allows to escalate from user _rmt to root",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2022-31254",
        "datePublished": "2023-02-07T00:00:00.000Z",
        "dateReserved": "2022-05-20T00:00:00.000Z",
        "dateUpdated": "2025-03-25T15:40:27.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31252 (GCVE-0-2022-31252)

    Vulnerability from nvd – Published: 2022-10-06 17:14 – Updated: 2024-09-16 18:40
    VLAI
    Title
    permissions: chkstat does not check for group-writable parent directories or target files in safeOpen()
    Summary
    A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Server 12-SP5 Affected: permissions , < 20170707 (custom)
    Create a notification for this product.
    openSUSE openSUSE Leap 15.3 Affected: permissions , < 20200127 (custom)
    Create a notification for this product.
    openSUSE openSUSE Leap 15.4 Affected: permissions , < 20201225 (custom)
    Create a notification for this product.
    openSUSE openSUSE Leap Micro 5.2 Affected: permissions , < 20181225 (custom)
    Create a notification for this product.
    Date Public
    2022-09-02 00:00
    Credits
    Martin Wilck from SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:11:39.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1203018"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise Server 12-SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "20170707",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.3",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "20200127",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.4",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "20201225",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap Micro 5.2",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "20181225",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Martin Wilck from SUSE"
            }
          ],
          "datePublic": "2022-09-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1203018"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1203018",
            "defect": [
              "1203018"
            ],
            "discovery": "INTERNAL"
          },
          "title": "permissions: chkstat does not check for group-writable parent directories or target files in safeOpen()",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2022-31252",
        "datePublished": "2022-10-06T17:14:05.294Z",
        "dateReserved": "2022-05-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:40:06.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31254 (GCVE-0-2022-31254)

    Vulnerability from cvelistv5 – Published: 2023-02-07 00:00 – Updated: 2025-03-25 15:40
    VLAI
    Title
    rmt-server-pubcloud allows to escalate from user _rmt to root
    Summary
    A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Date Public
    2023-01-03 00:00
    Credits
    Johannes Segitz of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:11:39.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204285"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31254",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T15:40:20.381091Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T15:40:27.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise Server for SAP 15",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.10",
                  "status": "affected",
                  "version": "rmt-server",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Linux Enterprise Server for SAP 15-SP1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.10",
                  "status": "affected",
                  "version": "rmt-server",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE Manager Server 4.1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.10",
                  "status": "affected",
                  "version": "rmt-server",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.3",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "2.10",
                  "status": "affected",
                  "version": "rmt-server",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.4",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "2.10",
                  "status": "affected",
                  "version": "rmt-server",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Johannes Segitz of SUSE"
            }
          ],
          "datePublic": "2023-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276: Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-07T00:00:00.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204285"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1204285",
            "defect": [
              "1204285"
            ],
            "discovery": "INTERNAL"
          },
          "title": "rmt-server-pubcloud allows to escalate from user _rmt to root",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2022-31254",
        "datePublished": "2023-02-07T00:00:00.000Z",
        "dateReserved": "2022-05-20T00:00:00.000Z",
        "dateUpdated": "2025-03-25T15:40:27.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31252 (GCVE-0-2022-31252)

    Vulnerability from cvelistv5 – Published: 2022-10-06 17:14 – Updated: 2024-09-16 18:40
    VLAI
    Title
    permissions: chkstat does not check for group-writable parent directories or target files in safeOpen()
    Summary
    A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Server 12-SP5 Affected: permissions , < 20170707 (custom)
    Create a notification for this product.
    openSUSE openSUSE Leap 15.3 Affected: permissions , < 20200127 (custom)
    Create a notification for this product.
    openSUSE openSUSE Leap 15.4 Affected: permissions , < 20201225 (custom)
    Create a notification for this product.
    openSUSE openSUSE Leap Micro 5.2 Affected: permissions , < 20181225 (custom)
    Create a notification for this product.
    Date Public
    2022-09-02 00:00
    Credits
    Martin Wilck from SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:11:39.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1203018"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE Linux Enterprise Server 12-SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "20170707",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.3",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "20200127",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap 15.4",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "20201225",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "openSUSE Leap Micro 5.2",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "20181225",
                  "status": "affected",
                  "version": "permissions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Martin Wilck from SUSE"
            }
          ],
          "datePublic": "2022-09-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1203018"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1203018",
            "defect": [
              "1203018"
            ],
            "discovery": "INTERNAL"
          },
          "title": "permissions: chkstat does not check for group-writable parent directories or target files in safeOpen()",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2022-31252",
        "datePublished": "2022-10-06T17:14:05.294Z",
        "dateReserved": "2022-05-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:40:06.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }