CVE-2022-31253

HIGH

openSUSE Factory openldap2 <2.6.3-404.1 - Privilege Escalation

Title source: llm

Description

An Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.

Scores

CVSS v3: 7.1
EPSS: 0.0005
EPSS Percentile: 16.1%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-426
Status: published
Products (1): opensuse/openldap2 < 2.6.3-404.1
Published: Nov 09, 2022
Tracked Since: Feb 18, 2026