Description
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- openSUSE / openSUSE Leap 15.4saphanabootstrap-formula – 0.13.1+git.1667812208.4db963e
- SUSE / SUSE Linux Enterprise Module for SAP Applications 15-SP1saphanabootstrap-formula – 0.13.1+git.1667812208.4db963e
- SUSE / SUSE Linux Enterprise Server for SAP 12-SP5saphanabootstrap-formula – 0.13.1+git.1667812208.4db963e