CVE-2019-3691
published 2020-01-23CVE-2019-3691: A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opensuse | factory | >= munge < 0.5.13-6.1 | 0.5.13-6.1 |
| opensuse | munge | < 0.5.13-4.3.1 | 0.5.13-4.3.1 |
| opensuse | munge | < 0.5.13-6.1 | 0.5.13-6.1 |
| suse | suse_linux_enterprise_server_15 | >= munge < 0.5.13-4.3.1 | 0.5.13-4.3.1 |