Lucene search

K
rosalinuxROSA LABROSA-SA-2023-2281
HistoryOct 24, 2023 - 2:09 p.m.

Advisory ROSA-SA-2023-2281

2023-10-2414:09:17
ROSA LAB
abf.rosalinux.ru
19
vulnerability
cups
rosa virtualization
privilege escalation
fix
os

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

27.5%

Software: cups 2.2.6
OS: ROSA Virtualization 2.1

package_evr_string: cups-2.2.6-51.0.1.rv3.src.rpm

CVE-ID: CVE-2022-26691
BDU-ID: 2022-04718
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the CUPS print server is related to flaws in the authorization procedure. Exploitation of the vulnerability could allow an attacker to escalate their privileges
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update cups command

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchcups< 2.2.6UNKNOWN

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

27.5%