VDB

CVE-2022-21950

CVE-2022-21950 PUBLISHED CVSS 5.300000190734863 MEDIUM

A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.

EPSS 0.09% · 26.4th percentile

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.09%
26.4th percentile

Affected Products

VendorProductVersions
openSUSEopenSUSE Backports SLE-15-SP4canna
openSUSEopenSUSE Backports SLE-15-SP3*
opensusecanna0, 0, 3.7p3

Timeline

  • Aug 16, 2022 CVE Published
  • Sep 8, 2022 EPSS Score
  • Oct 23, 2022 EPSS Score
  • Dec 7, 2022 EPSS Score
  • Jan 22, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 8, 2023 EPSS Score
  • Apr 22, 2023 EPSS Score
  • Jun 6, 2023 EPSS Score
  • Jul 21, 2023 EPSS Score
  • Sep 4, 2023 EPSS Score
  • Oct 20, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›