CVE-2021-31998

A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
suseCNA
6.8 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
opensuseinn
𝑥
≤ 2.4.2-170.21.3.1
opensuseinn
𝑥
< 2.6.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
inn2
bullseye
2.6.4-2
fixed
bookworm
2.7.1-1+deb12u1
fixed
sid
2.7.3~20241006-1
fixed
trixie
2.7.3~20241006-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
inn2
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
hirsute
ignored
groovy
ignored
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
dne
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=1182321
https://bugzilla.suse.com/show_bug.cgi?id=1182321