CVE-2021-25314 hawk: Insecure file permissions

2021-04-1400:00:00

CWE-378

suse

www.cve.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.

CNA Affected

[
  {
    "vendor": "SUSE",
    "product": "SUSE Linux Enterprise High Availability 12-SP3",
    "versions": [
      {
        "version": "hawk2",
        "status": "affected",
        "lessThan": "2.6.3+git.1614685906.812c31e9",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "SUSE",
    "product": "SUSE Linux Enterprise High Availability 12-SP5",
    "versions": [
      {
        "version": "hawk2",
        "status": "affected",
        "lessThan": "2.6.3+git.1614685906.812c31e9",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "SUSE",
    "product": "SUSE Linux Enterprise High Availability 15-SP2",
    "versions": [
      {
        "version": "hawk2",
        "status": "affected",
        "lessThan": "2.6.3+git.1614684118.af555ad9",
        "versionType": "custom"
      }
    ]
  }
]