Описание
A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.49-4.2 (включая)
Одновременно
cpe:2.3:a:opensuse:munin:*:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 2.0.40-lp151.1.1 (включая)
Одновременно
cpe:2.3:a:suse:munin:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.0012
Низкий
7.7 High
CVSS3
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-59
CWE-59
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions.
EPSS
Процентиль: 31%
0.0012
Низкий
7.7 High
CVSS3
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-59
CWE-59