CVE-2021-31998
MEDIUMinn < 2.4.2-170.21.3.1 - Incorrect Default Permissions
Title source: llmDescription
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1182321
Scores
CVSS v3
6.8
EPSS
0.0003
EPSS Percentile
8.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Details
CWE
CWE-276
Status
published
Products (1)
opensuse/inn
< 2.4.2-170.21.3.1
Published
Jun 10, 2021
Tracked Since
Feb 18, 2026