Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-21950

A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.

Published

2022-09-07T09:15:08.670

Last Modified

2024-11-21T06:45:46.067

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-284

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	opensuse	canna	< 3.7p3-bp153.2.3.1	Yes
Application	opensuse	backports_sle	15.0	No
Application	opensuse	canna	< 3.7p3-bp154.3.3.1	Yes
Application	opensuse	backports_sle	15.0	No
Application	opensuse	canna	3.7p3	Yes
Application	opensuse	factory	-	No
Operating System	suse	linux_enterprise	12.0	No

References

https://bugzilla.suse.com/show_bug.cgi?id=1199280 Issue Tracking, Vendor Advisory ([email protected])
https://bugzilla.suse.com/show_bug.cgi?id=1199280 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)