CVE-2022-31250

HIGH7.1

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected products

openSUSE / Tumbleweedkeylime – 6.4.2-1.1

References

MISChttps://bugzilla.suse.com/show_bug.cgi?id=1200885