mysql-systemd-helper allows setting 640 permissions of arbitrary files

CVE-2019-18901

5.1MEDIUM

Key Information

Vendor: Suse
Status: Suse Linux Enterprise Server 12; Suse Linux Enterprise Server 15
Vendor: CVE Published:; 2 March 2020

Summary

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.

Affected Version(s)

SUSE Linux Enterprise Server 12 < 10.2.31-3.25.1

SUSE Linux Enterprise Server 15 < 10.2.31-3.26.1

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 5.5 to: 5.1 - (MEDIUM)
Feb 22, 2024
Vulnerability published.
Mar 2, 2020
Vulnerability Reserved.
Nov 12, 2019

Collectors

NVD DatabaseMitre Database

Credit

Matthias Gerstner