CVE-2024-22029

Deferred
Published: 16 Oct 2024, 13:20
Last modified: 26 Aug 2025, 20:18

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
v3.1 (cve.org)
EPSS Score
0.02% LOW
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

16 Oct 2024, 13:20
Published
Vulnerability first disclosed
26 Aug 2025, 20:18
Last Modified
Vulnerability information updated

Description

Insecure permissions in the packaging of tomcat allow local users who win a race during package installation to escalate to root.

CVSS Metrics

  • v3.1 HIGH Score: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.02% Percentile: 5%

Techniques & Countermeasures

  • CWE-732: Incorrect Permission Assignment for Critical Resource

    The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Affected Systems

  • suse: container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122

    ≥ ?, < 9.0.85-150200.57.1

  • suse: opensuse leap 15.5

    ≥ ?, < 9.0.85-150200.57.1

  • suse: opensuse tumbleweed

    ≥ ?, < 9.0.85-3.1

  • suse: suse enterprise storage 7.1

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise high performance computing 15 sp2-ltss

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise high performance computing 15 sp3-ltss

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise high performance computing 15 sp4-espos

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise high performance computing 15 sp4-ltss

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise high performance computing 15 sp5

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise high performance computing 15 sp6

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise module for web and scripting 15 sp5

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise module for web and scripting 15 sp6

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise server 15 sp2-ltss

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise server 15 sp3-ltss

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise server 15 sp4-ltss

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise server 15 sp5

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise server 15 sp6

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise server for sap applications 15 sp2

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise server for sap applications 15 sp3

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise server for sap applications 15 sp4

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise server for sap applications 15 sp5

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse linux enterprise server for sap applications 15 sp6

    ≥ ?, < 9.0.85-150200.57.1

  • suse: suse manager server 4.3

    ≥ ?, < 9.0.85-150200.57.1
