
Advisory ROSA-SA-2024-2464

2024-08-06 09:46:27
ROSA LAB
abf.rosalinux.ru
rosa virtualization
readline support
privilege escalation
path analysis

CVSS2: 1.9
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3: 5.5
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 7
Confidence: Low

Software: util-linux 2.32.1
OS: ROSA Virtualization 2.1

package_evr_string: util-linux-2.32.1

CVE-ID: CVE-2022-0563
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability has been discovered in the util-linux utilities chfn and chsh when they are compiled with Readline support. The Readline library uses the “INPUTRC” environment variable to obtain the path to the library configuration file. When the library fails to parse the specified file, it displays an error message containing data from the file. This vulnerability allows an unprivileged user to read files owned by root, potentially leading to privilege escalation.
CVE-STATUS: Not Relevant
CVE-REV:
