CVE-2022-21944

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

openSUSE / Factorywatchman – 4.9.0-9.1
openSUSE / openSUSE Backports SLE-15-SP3watchman – 4.9.0

References

MISChttps://bugzilla.suse.com/show_bug.cgi?id=1194470