VDB
CVE-2022-31252
CVE-2022-31252
PUBLISHED
CVSS 4.400000095367432 MEDIUM
A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.
EPSS 0.03% · 9.5th percentile
Risk Scores
CVSS 3.1
4.400000095367432
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.03%
9.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| suse | linux_enterprise_server | 12 |
| openSUSE | openSUSE Leap Micro 5.2 | * |
| SUSE | SUSE Linux Enterprise Server 12-SP5 | * |
| opensuse | leap_micro | 5.2 |
| openSUSE | openSUSE Leap 15.3 | permissions |
| openSUSE | openSUSE Leap 15.4 | permissions |
| opensuse | leap | 15.4, 15.3 |
Exploit Intelligence
Timeline
- Sep 19, 2022 CVE Published
- Oct 7, 2022 EPSS Score
- Nov 20, 2022 EPSS Score
- Jan 3, 2023 EPSS Score
- Feb 17, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 16, 2023 EPSS Score
- Jun 29, 2023 EPSS Score
- Aug 12, 2023 EPSS Score
- Sep 25, 2023 EPSS Score
- Nov 9, 2023 EPSS Score