Vulnerability Description
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Inn | <= 2.4.2-170.21.3.1 |
| Suse | Linux Enterprise Server | 11 |
| Opensuse | Backports Sle | 15.0 |
| Opensuse | Leap | 15.2 |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=1182321ExploitIssue TrackingVendor Advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1182321ExploitIssue TrackingVendor Advisory
FAQ
What is CVE-2021-31998?
CVE-2021-31998 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their...
How severe is CVE-2021-31998?
CVE-2021-31998 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31998?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Inn, Suse Linux Enterprise Server, Opensuse Backports Sle, Opensuse Leap.