CVE-2019-3694

CWE-593 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 69.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Opensuse FactoryOpensuse Leap 15.1Opensuse Munin+1 more
Timeline
PublishedJan 24
Latest updateMay 24

Description

A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.5 | Impact: 5.2

Affected Packages4 packages

NVDopensuse/munin2.0.49-4.2
CVEListV5opensuse/factorymunin2.0.49-4.2
CVEListV5opensuse/leap_15.1munin2.0.40-lp151.1.1
NVDsuse/munin2.0.40-lp151.1.1

🔴Vulnerability Details

2
GHSA
GHSA-w24q-f35x-3g4m: A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 152022-05-24
CVEList
Local privilege escalation from munin to root in the packaging of munin2020-01-24
CVE-2019-3694 (HIGH CVSS 7.8) | A Symbolic Link (Symlink) Following | cvebase.io