Vulnerability Description
An Incorrect Default Permissions vulnerability in the rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.
CVSS Score
7.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openSUSE | rmt-server | < 2.10 |
| SUSE | Manager Server | 4.1 |
| openSUSE | Leap | 15.3 |
| SUSE | Linux Enterprise Server | 15 |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=1204285 (Exploit, Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2022-31254?
CVE-2022-31254 is a vulnerability with a CVSS score of 7.8 (HIGH). An Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUS...
How severe is CVE-2022-31254?
CVE-2022-31254 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-31254?
Check the references section above for vendor advisories and patch information. Affected products include: openSUSE rmt-server, SUSE Manager Server, openSUSE Leap, SUSE Linux Enterprise Server.