Description
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29.
A flaw was found in the traefik2 package of openSUSE and its derived distributions. This issue occurs due to an insecure chown call in the %post section of the traefik2 package, allowing the traefik user to obtain ownership of arbitrary files on the system when the traefik2 package is reinstalled or upgraded.
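The class of fix for a privileged chown in an install script, as an added example that is not the openSUSE package's code or its actual patch (the page does not show the scriptlet). The names `chown_nofollow` and `UnsafePath` are hypothetical; the sketch assumes Linux and an absolute path, and refuses symlinks in every path component as well as hard-linked files.

```python
import errno
import os
import stat


class UnsafePath(Exception):
    """Raised when a path is not safe to hand to a privileged chown."""


def chown_nofollow(path, uid, gid):
    """Change ownership of `path` without following a symlink anywhere in it.

    Assumption: the caller is a privileged install script operating on a
    tree that the unprivileged service account may be able to write to.
    """
    if not os.path.isabs(path):
        raise UnsafePath("path must be absolute")
    parts = [p for p in path.split("/") if p]
    if not parts or ".." in parts:
        raise UnsafePath("empty path or '..' component")
    fd = os.open("/", os.O_RDONLY | os.O_DIRECTORY | os.O_CLOEXEC)
    try:
        for i, name in enumerate(parts):
            # O_NOFOLLOW makes open() fail if this component is a symlink;
            # O_NONBLOCK avoids hanging if the last component is a FIFO.
            flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC | os.O_NONBLOCK
            if i < len(parts) - 1:
                flags |= os.O_DIRECTORY
            try:
                nxt = os.open(name, flags, dir_fd=fd)
            except OSError as exc:
                if exc.errno in (errno.ELOOP, errno.ENOTDIR):
                    raise UnsafePath(f"symlink or non-directory at {name!r}") from exc
                raise
            os.close(fd)
            fd = nxt
        st = os.fstat(fd)
        if not (stat.S_ISREG(st.st_mode) or stat.S_ISDIR(st.st_mode)):
            raise UnsafePath("not a regular file or directory")
        if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
            # A hard link planted in the tree could alias a file elsewhere.
            raise UnsafePath("regular file has extra hard links")
        os.fchown(fd, uid, gid)  # acts on the opened inode, not on the name
    finally:
        os.close(fd)
```

Because the ownership change goes through the file descriptor that was just inspected, swapping the name for a link after the check has no effect on which inode is changed.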
Statement
This flaw is specific to openSUSE and derived distributions. Therefore, Red Hat products are not affected by this issue.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenShift Dev Spaces | devspaces/configbump-rhel9 | Not affected | | |
| Red Hat OpenShift Dev Spaces | devspaces/dashboard-rhel9 | Not affected | | |
| Red Hat OpenShift Dev Spaces | devspaces/devspaces-rhel9-operator | Not affected | | |
| Red Hat OpenShift Dev Spaces | devspaces/imagepuller-rhel9 | Not affected | | |
| Red Hat OpenShift Dev Spaces | devspaces-tech-preview/jetbrains-ide-rhel9 | Not affected | | |
| Red Hat OpenShift Dev Spaces | devspaces/traefik-rhel9 | Not affected | | |
Additional information
CVSS3: 7.8 High