saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls

CVE-2022-45153
7 HIGH

Key Information

Vendor: Suse
Status:
Suse Linux Enterprise Module For SAP Applications 15-sp1
Suse Linux Enterprise Server For SAP 12-sp5
Opensuse Leap 15.4
CVE Published: 15 February 2023

Summary

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5, and openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e on SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5, and openSUSE Leap 15.4.

Affected Version(s)

SUSE Linux Enterprise Module for SAP Applications 15-SP1 < 0.13.1+git.1667812208.4db963e

SUSE Linux Enterprise Server for SAP 12-SP5 < 0.13.1+git.1667812208.4db963e

openSUSE Leap 15.4 < 0.13.1+git.1667812208.4db963e

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Risk change from: 7.8 to: 7 - (HIGH)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database

Credit

Johannes Segitz of SUSE