VDB
CVE-2022-21950
CVE-2022-21950
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.
EPSS 0.09% · 26.4th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.09%
26.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openSUSE | openSUSE Backports SLE-15-SP4 | canna |
| openSUSE | openSUSE Backports SLE-15-SP3 | * |
| opensuse | canna | 0, 0, 3.7p3 |
Exploit Intelligence
Timeline
- Aug 16, 2022 CVE Published
- Sep 8, 2022 EPSS Score
- Oct 23, 2022 EPSS Score
- Dec 7, 2022 EPSS Score
- Jan 22, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 8, 2023 EPSS Score
- Apr 22, 2023 EPSS Score
- Jun 6, 2023 EPSS Score
- Jul 21, 2023 EPSS Score
- Sep 4, 2023 EPSS Score
- Oct 20, 2023 EPSS Score