CVE-2022-31250 is a vulnerability in OpenSuse Tumbleweed
Published on July 20, 2022
keylime %post scriplet allows for privilege escalation from keylime user to root
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1.
Vulnerability Analysis
CVE-2022-31250 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an insecure temporary file Vulnerability?
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2022-31250 has been classified to as an insecure temporary file vulnerability or weakness.
Products Associated with CVE-2022-31250
Want to know whenever a new CVE is published for OpenSuse Tumbleweed? stack.watch will email you.
Affected Versions
openSUSE Tumbleweed:- Version keylime and below 6.4.2-1.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.