CVE-2019-3698

CWE-59 | 3 documents | 3 sources
Severity: 7.0 HIGH
EPSS: 0.2% (top 60.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 28 | Latest update May 24

Description

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and p

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
Exploitability: 1.4 | Impact: 4.2

Affected Packages (6 packages)

CVEListV5 | suse/suse_linux_enterprise_server_11 | nagios | 3.0.6-1.25.36.3.1
CVEListV5 | suse/suse_linux_enterprise_server_12 | nagios | 3.5.1-5.27
CVEListV5 | opensuse/factory | nagios | 4.4.5-2.1
NVD | opensuse/leap | 15.1

Patches

Vulnerability Details (2)

GHSA | GHSA-q8m8-7jgv-237q: UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Serv | 2022-05-24
CVEList | nagios cron job allows privilege escalation from user nagios to root | 2020-02-28