Path Traversal in Suse Linux Enterprise Module For Manager Server 4.2

CVE-2022-31255

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.002 (48.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

  • Suse Linux Enterprise Module For Manager Server 4.2 — versions hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls
  • Suse Linux Enterprise Module For Manager Server 4.3 — versions spacewalk-java
  • Suse Manager Server 4.2 — versions release-notes-susemanager

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2022-31255?
CVE-2022-31255 is a medium-severity vulnerability in Suse Linux Enterprise Module For Manager Server 4.2, classified under Path Traversal. CVSS score: 4.3/10. Published 2022-11-10.
How severe is CVE-2022-31255?
Medium severity. CVSS v3 base score is 4.3 out of 10.