CVE-2019-3691

Опубликовано: 23 янв. 2020

Источник: nvd

CVSS3: 7.7

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1.

Ссылки

https://bugzilla.suse.com/show_bug.cgi?id=1155075
Exploit
Issue Tracking
Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1155075
Exploit
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:opensuse:munge:*:*:*:*:*:*:*:*

Версия до 0.5.13-4.3.1 (исключая)

cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:a:opensuse:munge:*:*:*:*:*:*:*:*

Версия до 0.5.13-6.1 (исключая)

cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00147

Низкий

7.7 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-59

Связанные уязвимости

openSUSE-SU-2019:2670-1

suse-cvrf

около 6 лет назад

Security update for munge

SUSE-SU-2020:1144-1

suse-cvrf

почти 6 лет назад

Security update for munge

SUSE-SU-2019:3190-1

suse-cvrf

около 6 лет назад

Security update for munge

GHSA-q63p-x3h7-v3p5

CVSS3: 7.8

github

больше 3 лет назад

A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1.

EPSS

Процентиль: 36%

0.00147

Низкий

7.7 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-59