CVE-2023-32182

5.9MEDIUM

Key Information

Vendor: Suse
Status: Suse Linux Enterprise Desktop 15 Sp5; Suse Linux Enterprise High Performance Computing 15 Sp5; Opensuse Leap 15.5
Vendor: CVE Published:; 19 September 2023

Summary

A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.

Affected Version(s)

SUSE Linux Enterprise Desktop 15 SP5 < 3.7.3-150500.3.5.1

SUSE Linux Enterprise High Performance Computing 15 SP5 < 3.7.3-150500.3.5.1

openSUSE Leap 15.5 < 3.7.3-150500.3.5.1

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 7.8 to: 5.9 - (MEDIUM)
Sep 24, 2024
Vulnerability published.
Sep 19, 2023
Vulnerability Reserved.
May 4, 2023

Collectors

NVD DatabaseMitre Database

Credit

Matthias Gerstner of SUSE