CVE-2021-31998

🗓️ 10 Jun 2021 11:25:11Reported by suseType

CVE-2021-31998: Incorrect Default Permissions vulnerability in inn packagin

Reporter	Title	Published	Views	Family All 20
CNNVD	openSUSE 安全漏洞	4 Jun 202100:00	–	cnnvd
Cvelist	CVE-2021-31998 inn: %post calls user owned file allowing local privilege escalation to root	10 Jun 202111:25	–	cvelist
Debian CVE	CVE-2021-31998	10 Jun 202111:25	–	debiancve
EUVD	EUVD-2021-18869	7 Oct 202500:30	–	euvd
NVD	CVE-2021-31998	10 Jun 202112:15	–	nvd
Tenable Nessus	openSUSE Security Update : inn (openSUSE-2021-830)	4 Jun 202100:00	–	nessus
Tenable Nessus	SUSE SLES11 Security Update : inn (SUSE-SU-2021:14750-1)	21 Jun 202100:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2021-31998	27 Aug 202500:00	–	nessus
OPENSUSE Linux	Security update for inn (moderate)	3 Jun 202100:00	–	opensuse
OPENSUSE Linux	Security update for inn (moderate)	7 Jun 202100:00	–	opensuse

NVD

Node

opensuse innRange≤2.4.2-170.21.3.1

AND

suse linux_enterprise_serverMatch11sp3-

Node

opensuse innRange<2.6.2

AND

opensuse backports_sleMatch15.0sp2

opensuse leapMatch15.2

[
  {
    "product": "SUSE Linux Enterprise Server 11-SP3",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThanOrEqual": "inn-2.4.2-170.21.3.1",
        "status": "affected",
        "version": "inn",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "openSUSE Backports SLE-15-SP2",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "2.6.2",
        "status": "affected",
        "version": "inn",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "openSUSE Leap 15.2",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "2.6.2",
        "status": "affected",
        "version": "inn",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.suse.com/show_bug.cgi

21 Nov 2024 06:06Current

6.9Medium risk

Vulners AI Score6.9

CVSS 27.2

CVSS 3.16.8 - 7.8

EPSS0.00029

CWE-276