Local privilege escalation from user munge to root
CVE-2019-3691
7.7HIGH
Key Information
- Vendor
- Suse
- Status
- Suse Linux Enterprise Server 15
- Factory
- Vendor
- CVE Published:
- 23 January 2020
Summary
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1.
Affected Version(s)
SUSE Linux Enterprise Server 15 < 0.5.13-4.3.1
Factory < 0.5.13-6.1
CVSS V3.1
Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: 7.8 to: 7.7 - (HIGH)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Johannes Segitz from SUSE