CVE-2024-22029
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Enterprise Storage 7.1 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP5 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise Module for Web and Scripting 15 SP5 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise Server 15 SP5 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP6 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise Module for Web and Scripting 15 SP6 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise Server 15 SP6 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise Server 15 SP2-LTSS | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise Server 15 SP3-LTSS | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise Server 15 SP4-LTSS | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP2 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | SUSE Manager Server 4.3 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | openSUSE Leap 15.5 | ? < 9.0.85-150200.57.1 | affected |
| SUSE | openSUSE Tumbleweed | ? < 9.0.85-3.1 | affected |
Weaknesses
- CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.