Description
A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1196451
Scores
CVSS v3
5.3
EPSS
0.0004
EPSS Percentile
10.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-732
Status
published
Products (1)
opensuse/cscreen
1.2 - 1.3
Published
Mar 16, 2022
Tracked Since
Feb 18, 2026