CVE-2023-3972

01.11.2023, 16:15

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Vendor	Product	Version
redhat	insights-client	𝑥 < 3.2.2
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	enterprise_linux_aus	8.6
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	8.6
redhat	enterprise_linux_eus	8.8
redhat	enterprise_linux_eus	9.0
redhat	enterprise_linux_eus	9.2
redhat	enterprise_linux_for_arm_64	8.0
redhat	enterprise_linux_for_arm_64_eus	8.6
redhat	enterprise_linux_for_arm_64_eus	8.8
redhat	enterprise_linux_for_arm_64_eus	9.0
redhat	enterprise_linux_for_arm_64_eus	9.2
redhat	enterprise_linux_for_ibm_z_systems	7.0
redhat	enterprise_linux_for_ibm_z_systems	8.0
redhat	enterprise_linux_for_ibm_z_systems	9.0
redhat	enterprise_linux_for_ibm_z_systems_eus	8.6
redhat	enterprise_linux_for_ibm_z_systems_eus	8.8
redhat	enterprise_linux_for_ibm_z_systems_eus	9.0
redhat	enterprise_linux_for_ibm_z_systems_eus	9.2
redhat	enterprise_linux_for_power_big_endian	7.0
redhat	enterprise_linux_for_power_little_endian	7.0
redhat	enterprise_linux_for_power_little_endian	8.0
redhat	enterprise_linux_for_power_little_endian	9.0
redhat	enterprise_linux_for_power_little_endian_eus	8.6
redhat	enterprise_linux_for_power_little_endian_eus	8.8
redhat	enterprise_linux_for_power_little_endian_eus	9.2
redhat	enterprise_linux_for_scientific_computing	7.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	8.2
redhat	enterprise_linux_server_aus	8.4
redhat	enterprise_linux_server_aus	9.2
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.1
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.2
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.4
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.6
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.8
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.0
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.2
redhat	enterprise_linux_server_tus	8.2
redhat	enterprise_linux_server_tus	8.4
redhat	enterprise_linux_server_tus	8.6
redhat	enterprise_linux_server_tus	8.8
redhat	enterprise_linux_server_update_services_for_sap_solutions	9.2
redhat	enterprise_linux_update_services_for_sap_solutions	8.1
redhat	enterprise_linux_update_services_for_sap_solutions	8.2
redhat	enterprise_linux_update_services_for_sap_solutions	8.4
redhat	enterprise_linux_update_services_for_sap_solutions	8.6
redhat	enterprise_linux_update_services_for_sap_solutions	8.8