CVE-2023-32183

Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root This issue affects openSUSE Tumbleweed.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183	Exploit Issue Tracking Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:opensuse:tumbleweed:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:02

Type	Values Removed	Values Added
References	~~() https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183 - Exploit, Issue Tracking, Vendor Advisory~~	() https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183 - Exploit, Issue Tracking, Vendor Advisory

17 Jul 2023, 18:43

Type	Values Removed	Values Added
CPE		cpe:2.3:o:opensuse:tumbleweed:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~(MISC) https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183 -~~	(MISC) https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183 - Exploit, Issue Tracking, Vendor Advisory
First Time		Opensuse Opensuse tumbleweed

07 Jul 2023, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-07 09:15

Updated : 2024-11-21 08:02

NVD link : CVE-2023-32183

Mitre link : CVE-2023-32183

CVE.ORG link : CVE-2023-32183

JSON object : View

Products Affected

opensuse

tumbleweed

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2023-32183", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "meissner@suse.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-07-07T09:15:10.013", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "meissner@suse.de"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32183", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "meissner@suse.de", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root\nThis issue affects openSUSE Tumbleweed.\n\n"}], "lastModified": "2024-11-21T08:02:51.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:tumbleweed:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "107C84EE-5E5C-4C36-A6DA-295144A527E9"}], "operator": "OR"}]}], "sourceIdentifier": "meissner@suse.de"}

7.8 /10