clone-master-clean-up: dangerous file system operations

CVE-2021-32000

3.2LOW

Key Information

Vendor: Suse
Status: Suse Linux Enterprise Server 12 Sp3; Suse Linux Enterprise Server 15 Sp1; Factory
Vendor: CVE Published:; 28 July 2021

Summary

A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions.

Affected Version(s)

SUSE Linux Enterprise Server 12 SP3 <= 1.6-4.6.1

SUSE Linux Enterprise Server 15 SP1 <= 1.6-3.9.1

Factory <= 1.6-1.4

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 7.1 to: 3.2 - (LOW)
Feb 22, 2024
Vulnerability published.
Jul 28, 2021
Vulnerability Reserved.
May 3, 2021

Collectors

NVD DatabaseMitre Database

Credit

Matthias Gerstner of SUSE