canna: unsafe handling of /tmp/.iroha_unix directory
CVE-2022-21950

5.3MEDIUM

Key Information:

Vendor: Opensuse
Status: Opensuse Backports Sle-15-sp3; Opensuse Backports Sle-15-sp4
Vendor: CVE Published:; 7 September 2022

What is CVE-2022-21950?

A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

openSUSE Backports SLE-15-SP3 canna

openSUSE Backports SLE-15-SP4 canna < 3.7p3-bp154.3.3.1

References

https://bugzilla.suse.com/show_bug.cgi?id=1199280

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 7, 2022
Vulnerability Reserved
Dec 16, 2021

Credit

Matthias Gerstner from SUSE

JSON

Opensuse