CVE-2022-45153: 
Linux openSUSE vulnerability analysis and mitigation

An Incorrect Default Permissions vulnerability was discovered in saphanabootstrap-formula affecting SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5, and openSUSE Leap 15.4. The vulnerability allows local attackers to escalate to root privileges by manipulating the sudo configuration that is created. This vulnerability affects versions prior to 0.13.1+git.1667812208.4db963e (SUSE NVD).

The vulnerability exists in the hana/hacluster.sls file where problematic code handling sudoers configuration allows arbitrary users to write to /tmp/sudoers. The code uses file.copy operations without proper permissions validation, which enables local users to place arbitrary sudoers configurations that get copied into /etc/sudoers. The vulnerability received a CVSS v3.1 Base Score of 7.8 HIGH with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ([SUSE Bugzilla](https://bugzilla.suse.com/showbug.cgi?id=1205990)).

A successful exploitation of this vulnerability allows local attackers to escalate their privileges to root by manipulating the sudo configuration. This gives attackers complete control over the affected system with highest privileges (SUSE NVD).

The issue has been fixed in version 0.13.1+git.1667812208.4db963e. The fix involves changing the code to no longer use a tmp file or touch /etc/sudoers directly. Instead, it creates a new file (/etc/sudoers.d/SAPHanaSR) with proper permissions and validates the configuration using visudo before implementation (SUSE Bugzilla).