CVE-2024-22029 tomcat packaging allows for escalation to root from tomcat user

🗓️ 16 Oct 2024 13:20:47Reported by suseType

Tomcat packaging allows local user escalation to roo

Reporter	Title	Published	Views	Family All 25
CNNVD	SUSE Linux Enterprise Server Security Vulnerability	14 Feb 202400:00	–	cnnvd
CVE	CVE-2024-22029	16 Oct 202413:20	–	cve
Debian CVE	CVE-2024-22029	16 Oct 202413:20	–	debiancve
EUVD	EUVD-2024-19635	3 Oct 202520:07	–	euvd
F5 Networks	K000139340: Apache Tomcat vulnerability CVE-2024-22029	18 Apr 202416:27	–	f5
NVD	CVE-2024-22029	16 Oct 202414:15	–	nvd
OpenVAS	openSUSE Security Advisory (SUSE-SU-2024:0473-1)	4 Mar 202400:00	–	openvas
OpenVAS	openSUSE Security Advisory (SUSE-SU-2024:0472-1)	4 Mar 202400:00	–	openvas
OpenVAS	SUSE: Security Advisory (SUSE-SU-2024:0472-1)	15 Feb 202400:00	–	openvas
OSV	OPENSUSE-SU-2024:13692-1 tomcat-9.0.85-3.1 on GA media	15 Jun 202400:00	–	osv

[
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Enterprise Storage 7.1",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise Server 15 SP5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise High Performance Computing 15 SP6",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise Server 15 SP6",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise Server 15 SP2-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise Server 15 SP3-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "SUSE Manager Server 4.3",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "openSUSE Leap 15.5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-150200.57.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "tomcat",
    "product": "openSUSE Tumbleweed",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "9.0.85-3.1",
        "status": "affected",
        "version": "?",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.suse.com/show_bug.cgi

16 Oct 2024 13:20Current

CVSS 3.17.8

EPSS0.00184

CWE-732