CVE-2019-3692
Severity CVSS v4.0:
Pending analysis
Type:
CWE-59
Link Following
Publication date:
24/01/2020
Last modified:
16/11/2022
Description
The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:suse:inn:*:*:*:*:*:*:*:* | 2.4.2-170.21.3.1 (including) | |
| cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:* | ||
| cpe:2.3:a:suse:inn:*:*:*:*:*:*:*:* | 2.6.2-2.2 (including) | |
| cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:suse:inn:*:*:*:*:*:*:*:* | 2.5.4-lp151.2.47 (including) | |
| cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page