Lucene search

[email protected]CVE-2022-25643

HistoryFeb 24, 2022 - 3:15 p.m.

CVE-2022-25643

2022-02-2415:15:00

CWE-668

[email protected]

web.nvd.nist.gov

cve

2022

25643

seatd-launch

seatd

security vulnerability

file removal

escalated privileges

setuid root

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

73.7%

JSON

seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.

CPENameOperatorVersion
seatd_project:seatdseatd project seatdlt0.6.4

CPE	Name	Operator	Version
seatd_project:seatd	seatd project seatd	lt	0.6.4

References

github.com/kennylevinsen/seatd/commit/10658dc5439db429af0088295a051c53925a4416

github.com/kennylevinsen/seatd/commit/7cffe0797fdb17a9c08922339465b1b187394335

github.com/kennylevinsen/seatd/compare/0.6.3...0.6.4

github.com/kennylevinsen/seatd/tags

lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E

nvd.nist.gov/vuln/detail/CVE-2022-25643

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for CVE-2022-25643

debiancve1 prion1 nessus1 freebsd1 osv2 veracode1 ubuntucve1 qt1