Vulnerability Details CVE-2021-31998
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.5%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.2
References
Products affected by CVE-2021-31998
-
cpe:2.3:a:opensuse:backports_sle:15.0
-
cpe:2.3:a:opensuse:inn:-
-
cpe:2.3:a:opensuse:inn:2.4.2-170.21.3.1
-
cpe:2.3:o:opensuse:leap:15.2
-
cpe:2.3:o:suse:linux_enterprise_server:11