Vulnerabilities > CVE-2022-21946 - Unspecified vulnerability in Opensuse Cscreen 1.2/1.3

CVSS 5.3 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

local

low complexity

opensuse

NVD

Published: 2022-03-16

Updated: 2024-11-21

Summary

A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.

Vulnerable Configurations

Part	Description	Count
Application	Opensuse Opensuse Cscreen 1.2 Opensuse Cscreen 1.3 Opensuse Factory -	3

References

https://bugzilla.suse.com/show_bug.cgi?id=1196451
https://bugzilla.suse.com/show_bug.cgi?id=1196451