CVE-2022-21946 MEDIUM

CVE-2022-21946: sudoers configuration for cscreen not restrictive enough

Vendor openSUSE
Product Factory
Weakness CWE-732
Published March 16, 2022
Last update September 17, 2024

CVSS base score

5.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

An Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local user to gain the privileges of the tty and dialout groups and to access and manipulate any running cscreen session. This issue affects openSUSE Factory cscreen version 1.2-1.3 and prior versions.

Key dates

02 Disclosure timeline

March 16, 2022 CVE published
September 17, 2024 Record updated