slurm: %post for slurm-testsuite operates as root in user owned directory
CVE-2022-31251

6.5MEDIUM

Key Information:

Vendor: Suse
Status: Opensuse Factory
Vendor: CVE Published:; 7 September 2022

Summary

A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.

Affected Version(s)

openSUSE Factory slurm < 22.05.2-3.3

References

https://bugzilla.suse.com/show_bug.cgi?id=1201674

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 7, 2022
Vulnerability Reserved
May 20, 2022

Credit

Johannes Segitz from SUSE