CVE-2021-31998

Summary

A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.

Affected Software

VendorProductVersion RangeStatus
SUSESUSE Linux Enterprise Server 11-SP3inn <= inn-2.4.2-170.21.3.1affected
openSUSEopenSUSE Backports SLE-15-SP2inn < 2.6.2affected
openSUSEopenSUSE Leap 15.2inn < 2.6.2affected

Weaknesses

  • CWE-276: CWE-276: Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

References