CVE-2024-22029

Description

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

SUSE / Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122? – 9.0.85-150200.57.1
SUSE / openSUSE Leap 15.5? – 9.0.85-150200.57.1
SUSE / openSUSE Tumbleweed? – 9.0.85-3.1
SUSE / SUSE Enterprise Storage 7.1? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise High Performance Computing 15 SP5? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise High Performance Computing 15 SP6? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise Module for Web and Scripting 15 SP5? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise Module for Web and Scripting 15 SP6? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise Server 15 SP2-LTSS? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise Server 15 SP3-LTSS? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise Server 15 SP4-LTSS? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise Server 15 SP5? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise Server 15 SP6? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise Server for SAP Applications 15 SP2? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise Server for SAP Applications 15 SP3? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise Server for SAP Applications 15 SP4? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise Server for SAP Applications 15 SP5? – 9.0.85-150200.57.1
SUSE / SUSE Linux Enterprise Server for SAP Applications 15 SP6? – 9.0.85-150200.57.1
SUSE / SUSE Manager Server 4.3? – 9.0.85-150200.57.1

References

MISChttps://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22029