VDB
CVE-2021-31998
CVE-2021-31998
PUBLISHED
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
EPSS 0.03% · 8.7th percentile
Risk Scores
EPSS Score
0.03%
8.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:24.04:LTS | inn2 | 2.7.2~20230917-1, 2.7.2~20240120-1ubuntu1, 0 |
| Ubuntu:22.04:LTS | inn2 | 0, 2.6.4-2build1, 2.6.4-2build2 |
| Ubuntu:18.04:LTS | inn2 | 2.6.1-3, 0, 2.6.1-2build1 |
| Ubuntu:16.04:LTS | inn2 | 2.5.4-3, 2.6.0-2, 2.6.0-1 |
| Ubuntu:25.10 | inn2 | 0, 2.7.3~20250201-1, 2.7.3~rc1-1 |
| Ubuntu:20.04:LTS | inn2 | 2.6.3-2build1, 2.6.3-2build2, 2.6.3-3 |
Exploit Intelligence
Timeline
- Jun 3, 2021 CVE Published
- Jun 11, 2021 EPSS Score
- Aug 12, 2021 EPSS Score
- Oct 12, 2021 EPSS Score
- Dec 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 12, 2022 EPSS Score
- Jun 12, 2022 EPSS Score
- Aug 12, 2022 EPSS Score
- Oct 12, 2022 EPSS Score
- Dec 12, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-31998 third-party-advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1182321 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-31998 third-party-advisory