CVE-2021-32000

CWE-59 CWE-61 CWE-345 CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

7.1HIGH

EPSS

0.0%

top 95.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Factory Suse Suse Linux Enterprise Server 12 SP3 Suse Suse Linux Enterprise Server 15 SP1 +1 more

Timeline

PublishedJul 28

Latest updateMay 24

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-ma…

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 0.7 | Impact: 2.5

Affected Packages4 packages

▶CVEListV5suse/suse_linux_enterprise_server_12_sp3clone-master-clean-up — 1.6-4.6.1

▶CVEListV5suse/suse_linux_enterprise_server_15_sp1clone-master-clean-up — 1.6-3.9.1

▶NVDsuse/linux_enterprise_server12, 15+1

▶CVEListV5opensuse/factoryclone-master-clean-up — 1.6-1.4

Patches

Patch: bugzilla.suse.com ↗Patch: bugzilla.suse.com ↗

🔴Vulnerability Details

GHSA

GHSA-54r8-8cq2-5p82: A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up↗2022-05-24

▶

CVEList

clone-master-clean-up: dangerous file system operations↗2021-07-28

▶

GHSA

ReDoS in Sec-Websocket-Protocol header↗2021-05-28

▶