- Description
- A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
- Source
- meissner@suse.de
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- meissner@suse.de
- CWE-276
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:inn:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DC56D89-5FE7-481B-905C-09FFA782FABE",
"versionEndIncluding": "2.4.2-170.21.3.1"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
"vulnerable": false,
"matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:inn:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C3649D1-3F62-48BA-8411-D9D0AA21B6A8",
"versionEndExcluding": "2.6.2"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D"
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]