CVE-2018-19638

In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
Configurations

Configuration 1 (hide)

cpe:2.3:a:opensuse:supportutils:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:58

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html - () http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html -
References () https://bugzilla.suse.com/show_bug.cgi?id=1118460 - () https://bugzilla.suse.com/show_bug.cgi?id=1118460 -
CVSS v2 : 3.3
v3 : 4.7
v2 : 3.3
v3 : 2.2

Information

Published : 2019-03-05 16:29

Updated : 2024-11-21 03:58


NVD link : CVE-2018-19638

Mitre link : CVE-2018-19638

CVE.ORG link : CVE-2018-19638


JSON object : View

Products Affected

opensuse

  • supportutils
CWE
CWE-377

Insecure Temporary File

CWE-59

Improper Link Resolution Before File Access ('Link Following')