CVE-2022-21944

HIGH

openSUSE watchman <4.9.0-9.1 - Privilege Escalation

Title source: llm

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.

References (1)

[Issue Tracking, Vendor Advisory] https://bugzilla.suse.com/show_bug.cgi?id=1194470

Scores

CVSS v3 7.8

EPSS 0.0011

EPSS Percentile 29.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-59

Status published

Affected Products (1)

opensuse/factory_watchman < 4.9.1

Timeline

Published Jan 26, 2022

Tracked Since Feb 18, 2026