CVE-2021-25317

LOW

Published 2021-05-05T09:35:13.321996Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-25317. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

3.3

/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.000

probability

of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.051

Higher than 5.1% of all CVEs

Attack Vector Metrics

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Description

A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

SUSE

SUSE Linux Enterprise Server 11-SP4-LTSS

Affected Versions:

cups

SUSE

SUSE Manager Server 4.0

Affected Versions:

cups

SUSE

SUSE OpenStack Cloud Crowbar 9

Affected Versions:

cups

openSUSE

openSUSE Leap 15.2

Affected Versions:

cups

openSUSE

Factory

Affected Versions:

cups

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed LOW

GHSA-7qpc-9fjw-5c32

Advisory Details

CVSS Scoring

CVSS Score

2.5

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-25317

WEB https://bugzilla.suse.com/show_bug.cgi?id=1184161

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/GWPGZLT3U776Q5YPPSA6LGFWWBDWBVH3

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/H74BP746O5NNVCBUTLLZYAFBPESFVECV

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/S37IDQGHTORQ3Z6VRDQIGBYVOI27YG47

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: January 19, 2023

References

https://bugzilla.suse.com/show_bug.cgi?id=1184161

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H74BP746O5NNVCBUTLLZYAFBPESFVECV/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S37IDQGHTORQ3Z6VRDQIGBYVOI27YG47/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWPGZLT3U776Q5YPPSA6LGFWWBDWBVH3/

Published: 2021-05-05T09:35:13.321996Z

Last Modified: 2024-09-17T00:32:16.952Z

Copied to clipboard!

CVE-2021-25317

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

SUSE Linux Enterprise Server 11-SP4-LTSS

Affected Versions:

SUSE Manager Server 4.0

Affected Versions:

SUSE OpenStack Cloud Crowbar 9

Affected Versions:

openSUSE Leap 15.2

Affected Versions:

Factory

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!