Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
inn: %post calls user owned file allowing local privilege escalation to root
Vulnerability Description
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
缺省权限不正确
Vulnerability Title
openSUSE 安全漏洞
Vulnerability Description
openSUSE是德国SUSE公司的一套基于Linux的自由操作系统与开源社区项目。 openSUSE 存在安全漏洞,攻击者可利用该漏洞通过inn的inupgrade绕过限制,进行权限提升。
CVSS Information
N/A
Vulnerability Type
N/A