Improper Link Resolution Vulnerability in SUSE Linux Products
CVE-2023-32182

5.9MEDIUM

Key Information:

Vendor: Suse
Status: Suse Linux Enterprise Desktop 15 Sp5; Suse Linux Enterprise High Performance Computing 15 Sp5; Opensuse Leap 15.5
Vendor: CVE Published:; 19 September 2023

Summary

A vulnerability exists in SUSE Linux products that allows an attacker to exploit improper link following mechanisms, potentially gaining unauthorized access to files or executing unintended actions. This issue affects multiple SUSE and openSUSE versions prior to specified patches, leading to implications for both security and data integrity.

Affected Version(s)

openSUSE Leap 15.5 ? < 3.7.3-150500.3.5.1

SUSE Linux Enterprise Desktop 15 SP5 ? < 3.7.3-150500.3.5.1

SUSE Linux Enterprise High Performance Computing 15 SP5 ? < 3.7.3-150500.3.5.1

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 19, 2023
Vulnerability Reserved
May 4, 2023

Credit

Matthias Gerstner of SUSE