2.6.3+Git.1614685906.812C31E9

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

suse

CWE-378

NVD

Published: 2021-04-14

Updated: 2023-01-19

Summary

A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.

Vulnerable Configurations

Part	Description	Count
Application	Suse Suse Hawk2 - Suse Hawk2 2.6.3\+Git.1614684118.Af555Ad9 Suse Hawk2 2.6.3\+Git.1614685906.812C31E9	3
OS	Suse Suse Linux Enterprise High Availability Extension 12 Suse Linux Enterprise High Availability Extension 15	3

Common Weakness Enumeration (CWE)

CWE-378 - Creation of Temporary File With Insecure Permissions

References

https://bugzilla.suse.com/show_bug.cgi?id=1182166