History: Oct 26, 2022 - 9:15 a.m.

CVE-2022-31256

2022-10-26 09:15:15
CWE-59
web.nvd.nist.gov
cve
2022
31256
improper link resolution
file access
vulnerability
opensuse
factory
sendmail
nvd
escalation of privilege

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.4 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

An Improper Link Resolution Before File Access (‘Link Following’) vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.

Affected configurations

NVD
Node: opensuse factory, Range: <8.17.1-1.1

CNA Affected

[
  {
    "vendor": "SUSE",
    "product": "openSUSE Factory",
    "versions": [
      {
        "version": "sendmail",
        "status": "affected",
        "lessThan": "8.17.1-1.1",
        "versionType": "custom"
      }
    ]
  }
]
