CVE-2022-45153

Published Feb 15, 2023

Last updated 2 years ago

CVSS high 7.8

Overview

Description: An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.
Source: meissner@suse.de
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

meissner@suse.de: CWE-276

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:suse:linux_enterprise_module_for_sap_applications:15:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1D4273D-67F7-4E62-8EF6-6C7F832269D9"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE80EB04-7F9D-4C0B-85DB-4A13DEACB5E4"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*",
            "vulnerable": true,
            "matchCriteriaId": "471E110C-10CC-4C36-BDE1-BBB27EF5C6EA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References