Lucene search

SuseCVELIST:CVE-2021-46705

HistoryMar 16, 2022 - 9:50 a.m.

CVE-2021-46705 grub2-once uses fixed file name in /var/tmp

2022-03-1609:50:10

CWE-377

suse

www.cve.org

insecure temporary file

suse linux enterprise server 15 sp4

opensuse factory

local attackers

arbitrary files

vulnerability

cve-2021-46705

grub2

CVSS3

5.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.

CNA Affected

[
  {
    "product": "SUSE Linux Enterprise Server 15 SP4",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.06-150400.7.1",
        "status": "affected",
        "version": "grub2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "openSUSE Factory",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.06-18.1",
        "status": "affected",
        "version": "grub2",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.suse.com/show_bug.cgi?id=1190474

CVSS3

5.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-46705