Mlocate Vulnerability Allows Arbitrary File Read by Root Users

CVE-2023-32190

Currently unrated 🤨

Key Information

Vendor: Suse
Status: Opensuse Tumbleweed
Vendor: CVE Published:; 16 October 2024

Summary

mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges.

Affected Version(s)

openSUSE Tumbleweed < 0.26-37.1

Timeline

Vulnerability published.
Oct 16, 2024
Vulnerability Reserved.
May 4, 2023

Collectors

NVD DatabaseMitre Database

Credit

Johannes Segitz of SUSE