CVE-2022-45153 - Vulnerability Details - OpenCVE

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opensuse	Leap
Suse	Linux Enterprise Module For Sap Applications Linux Enterprise Server

Configuration 1 [-]

OR	cpe:2.3:a:suse:linux_enterprise_module_for_sap_applications:15:sp1::::::
	cpe:2.3:o:opensuse:leap:15.4:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:12:sp5::::sap::*

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1205990

History

No history.

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2023-02-15T00:00:00

Updated: 2024-08-03T14:09:55.968Z

Reserved: 2022-11-11T00:00:00

Link: CVE-2022-45153

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-15T10:15:16.970

Modified: 2024-11-21T07:28:51.710

Link: CVE-2022-45153

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45153", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "dateUpdated": "2024-08-03T14:09:55.968Z", "dateReserved": "2022-11-11T00:00:00", "datePublished": "2023-02-15T00:00:00"}, "containers": {"cna": {"title": "saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls", "datePublic": "2023-01-02T00:00:00", "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2023-02-15T00:00:00"}, "descriptions": [{"lang": "en", "value": "An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e."}], "affected": [{"vendor": "SUSE", "product": "SUSE Linux Enterprise Module for SAP Applications 15-SP1", "versions": [{"version": "saphanabootstrap-formula", "status": "affected", "lessThan": "0.13.1+git.1667812208.4db963e", "versionType": "custom"}]}, {"vendor": "SUSE", "product": "SUSE Linux Enterprise Server for SAP 12-SP5", "versions": [{"version": "saphanabootstrap-formula", "status": "affected", "lessThan": "0.13.1+git.1667812208.4db963e", "versionType": "custom"}]}, {"vendor": "openSUSE", "product": "openSUSE Leap 15.4", "versions": [{"version": "saphanabootstrap-formula", "status": "affected", "lessThan": "0.13.1+git.1667812208.4db963e", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1205990"}], "credits": [{"lang": "en", "value": "Johannes Segitz of SUSE"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-276: Incorrect Default Permissions", "cweId": "CWE-276"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1205990", "defect": ["1205990"], "discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:09:55.968Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1205990", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:linux_enterprise_module_for_sap_applications:15:sp1:*:*:*:*:*:*", "matchCriteriaId": "B1D4273D-67F7-4E62-8EF6-6C7F832269D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:*", "matchCriteriaId": "BE80EB04-7F9D-4C0B-85DB-4A13DEACB5E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*", "matchCriteriaId": "471E110C-10CC-4C36-BDE1-BBB27EF5C6EA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e."}, {"lang": "es", "value": "Una vulnerabilidad de permisos predeterminados incorrectos en la f\u00f3rmula saphanabootstrap del m\u00f3dulo SUSE Linux Enterprise para aplicaciones SAP 15-SP1, SUSE Linux Enterprise Server para SAP 12-SP5; openSUSE Leap 15.4 permite a atacantes locales escalar a root manipulando la configuraci\u00f3n sudo que se crea. Este problema afecta: SUSE Linux Enterprise Module para aplicaciones SAP 15-SP1 versiones de f\u00f3rmula saphanabootstrap anteriores a 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server para versiones de f\u00f3rmula saphanabootstrap de SAP 12-SP5 anteriores a 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 versiones de f\u00f3rmula saphanabootstrap anteriores a 0.13.1+git.1667812208.4db963e."}], "id": "CVE-2022-45153", "lastModified": "2024-11-21T07:28:51.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "meissner@suse.de", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-15T10:15:16.970", "references": [{"source": "meissner@suse.de", "tags": ["Exploit", "Issue Tracking"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1205990"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1205990"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "meissner@suse.de", "type": "Secondary"}]}