Local User Escalation via Insecure Packaging
CVE-2024-22029
7.8HIGH
Key Information
- Vendor
- Suse
- Status
- Container Suse/manager/5.0/x86 64/server:5.0.0-beta1.2.122
- Suse Enterprise Storage 7.1
- Suse Linux Enterprise High Performance Computing 15 Sp2-ltss
- Suse Linux Enterprise High Performance Computing 15 Sp3-ltss
- Vendor
- CVE Published:
- 16 October 2024
Summary
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
Affected Version(s)
Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122 < 9.0.85-150200.57.1
SUSE Enterprise Storage 7.1 < 9.0.85-150200.57.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS < 9.0.85-150200.57.1
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Johannes Segitz of SUSE