Vulnerability Details CVE-2022-21950
A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.8%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2022-21950
-
cpe:2.3:a:opensuse:backports_sle:15.0
-
cpe:2.3:a:opensuse:canna:-
-
cpe:2.3:a:opensuse:canna:3.7p3
-
cpe:2.3:a:opensuse:canna:3.7p3-bp153.2.3.1
-
cpe:2.3:a:opensuse:factory:-
-
cpe:2.3:o:suse:linux_enterprise:12.0