CVE-2022-21946: suddoers configuration for cscreen not restrictive enough
First published: Wed Mar 16 2022(Updated: )
A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opensuse Cscreen | >=1.2<=1.3 | |
| openSUSE Factory |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-21946?
CVE-2022-21946 refers to a vulnerability in the sudoers configuration in cscreen of openSUSE Factory, allowing local users to gain privileges and access/manipulate cscreen sessions.
How severe is CVE-2022-21946?
The severity of CVE-2022-21946 is medium with a CVSS score of 5.3.
What is the affected software for CVE-2022-21946?
The affected software for CVE-2022-21946 is openSUSE Factory cscreen version 1.2 to 1.3.
How can local users exploit CVE-2022-21946?
Local users can exploit CVE-2022-21946 by abusing the incorrect permission assignment in the sudoers configuration to gain privileges and manipulate cscreen sessions.
Is openSUSE Factory vulnerable to CVE-2022-21946?
No, openSUSE Factory is not vulnerable to CVE-2022-21946.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/opensuse
- canonical/opensuse cscreen
- version/opensuse cscreen/1.2
- version/opensuse cscreen/1.3
- canonical/opensuse factory