Lucene search

[email protected]CVE-2022-40299

HistorySep 09, 2022 - 1:15 a.m.

CVE-2022-40299

2022-09-0901:15:07

CWE-330

[email protected]

web.nvd.nist.gov

cve-2022-40299

singular

security vulnerability

/tmp pathname

local privilege escalation

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language.

Affected configurations

NVD

Node

singularsingularRange<4.3.1

CPENameOperatorVersion
singular:singularsingularlt4.3.1

CPE	Name	Operator	Version
singular:singular	singular	lt	4.3.1

References

michael.orlitzky.com/cves/cve-2022-40299.xhtml

github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c

github.com/Singular/Singular/issues/1137

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-40299

ubuntucve1 prion1 cvelist1 nvd1 debiancve1 osv1