mysql-systemd-helper allows setting 640 permissions of arbitrary files
CVE-2019-18901

5.1MEDIUM

Key Information:

Vendor: Suse
Status: Suse Linux Enterprise Server 12; Suse Linux Enterprise Server 15
Vendor: CVE Published:; 2 March 2020

What is CVE-2019-18901?

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.

Affected Version(s)

SUSE Linux Enterprise Server 12 mariadb < 10.2.31-3.25.1

SUSE Linux Enterprise Server 15 mariadb < 10.2.31-3.26.1

References

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

https://bugzilla.suse.com/show_bug.cgi?id=1160895

x_refsource_CONFIRM

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2020
Vulnerability Reserved
Nov 12, 2019

Credit

Matthias Gerstner

Suse

What is CVE-2019-18901?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit