slurm: %post for slurm-testsuite operates as root in user owned directory

CVE-2022-31251

6.5MEDIUM

Key Information

Vendor: Suse
Status: Opensuse Factory
Vendor: CVE Published:; 7 September 2022

Summary

A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affects: openSUSE Factory slurm versions prior to 22.05.2-3.3.

Affected Version(s)

openSUSE Factory < 22.05.2-3.3

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 6.3 to: 6.5 - (MEDIUM)
Aug 3, 2024
Vulnerability published.
Sep 7, 2022
Vulnerability Reserved.
May 20, 2022

Collectors

NVD DatabaseMitre Database

Credit

Johannes Segitz from SUSE