CVE-2022-21950
5.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| openSUSE | openSUSE Backports SLE-15-SP3 | canna < canna-3.7p3-bp153.2.3.1 | affected |
| openSUSE | openSUSE Backports SLE-15-SP4 | canna < 3.7p3-bp154.3.3.1 | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.