CVE-2019-3692: Link Following in Factory

CWE-59: Link Following | 3 documents | 3 sources
Severity
NVD: 7.8 HIGH
CNA: 7.7
EPSS
0.2%
top 61.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 24
Latest update: May 24

Description

The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (6 packages)

CVEListV5 | suse/suse_linux_enterprise_server_11 | inn | 2.4.2-170.21.3.1
CVEListV5 | opensuse/factory | inn | 2.6.2-2.2
CVEListV5 | opensuse/leap_15.1 | inn | 2.5.4-lp151.2.47
NVD | opensuse/leap | 15.1

Vulnerability Details (2)
GHSA
GHSA-666m-88c3-537x: The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15 (2022-05-24)
CVEList
Local privilege escalation from user news to root in the packaging of inn (2020-01-24)
CVE-2019-3692 — Link Following in Opensuse Factory | cvebase