A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html | Broken Link Mailing List Vendor Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=1157465 | Issue Tracking Vendor Advisory |
Configurations
History
03 Dec 2022, 02:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html - Broken Link, Mailing List, Vendor Advisory |
Information
Published : 2020-03-02 16:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-18897
Mitre link : CVE-2019-18897
CVE.ORG link : CVE-2019-18897
JSON object : View
Products Affected
opensuse
- leap
suse
- linux_enterprise_server
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')