CVEFinder.io

CVE-2022-31252

🔶 medium
🔍 Scan for this CVE
Summary

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to

Description

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions prior to 20170707. openSUSE Leap 15.3 permissions versions prior to 20200127. openSUSE Leap 15.4 permissions versions prior to 20201225. openSUSE Leap Micro 5.2 permissions versions prior to 20181225.

CVSS Score
4.4
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2022-10-06
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 11.6% of all 317,883 vulnerabilities in our database.

#280,902
Below average severity
Severity Percentile
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE IDs (Weakness Types)
CWE-863

📦 Affected Products 4

Vendor Product Status Affected Versions
suse linux_enterprise_server Affected
v12
opensuse leap Affected
v15.3
opensuse leap Affected
v15.4
opensuse leap_micro Affected
v5.2

🔗 References 1

https://bugzilla.suse.com/show_bug.cgi?id=1203018
Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-25702 ⚠️ high 7.3 0.1 A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causi... 2026-03-05
CVE-2025-32463 ⛔ critical 9.3 20.8 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director... 2025-06-30
CVE-2024-46951 ⚠️ high 7.8 0.1 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pa... 2024-11-10
CVE-2024-46953 ⚠️ high 7.8 0.1 An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the f... 2024-11-10
CVE-2024-46955 🔶 medium 5.5 0.1 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when readi... 2024-11-10
CVE-2024-46956 ⚠️ high 7.8 0.2 An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforal... 2024-11-10
These CVEs affect the same products