What is CVE-2021-25317?

CVE-2021-25317 is a low-severity vulnerability in Opensuse Factory, classified under Incorrect Default Permissions. CVSS score: 3.3/10. Published 2021-05-05.

How severe is CVE-2021-25317?

Low severity. CVSS v3 base score is 3.3 out of 10.

Vulnerability in Opensuse Factory

CVE-2021-25317

A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of…

EPSS: 0.001 (27.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Opensuse Factory — versions cups
Opensuse Leap 15.2 — versions cups
Suse Linux Enterprise Server 11-sp4-ltss — versions cups
Suse Manager Server 4.0 — versions cups
Suse Openstack Cloud Crowbar 9 — versions cups

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

References

bugzilla.suse.com/show_bug.cgi
FEDORA-2021-dc578ce534 (vendor-advisory)
FEDORA-2021-7b698513d5 (vendor-advisory)
FEDORA-2021-be95e017e7 (vendor-advisory)

Frequently asked questions

What is CVE-2021-25317?: CVE-2021-25317 is a low-severity vulnerability in Opensuse Factory, classified under Incorrect Default Permissions. CVSS score: 3.3/10. Published 2021-05-05.
How severe is CVE-2021-25317?: Low severity. CVSS v3 base score is 3.3 out of 10.