CVE-2023-32182

A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182	Exploit Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:leap:15.5:::::::*
	cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:::-:::*
	cpe:2.3:o:suse:suse_linux_enterprise_desktop:15:sp5::::::

History

21 Nov 2024, 08:02

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-19 16:15

Updated : 2024-11-21 08:02

NVD link : CVE-2023-32182

Mitre link : CVE-2023-32182

CVE.ORG link : CVE-2023-32182

JSON object : View

Products Affected

suse

linux_enterprise_high_performance_computing
suse_linux_enterprise_desktop

opensuse

leap

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2023-32182", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "meissner@suse.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-09-19T16:15:09.347", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182", "tags": ["Exploit", "Issue Tracking"], "source": "meissner@suse.de"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182", "tags": ["Exploit", "Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "meissner@suse.de", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Resoluci\u00f3n de Enlace Incorrecta Antes del Acceso a Archivos ('Link Following') en SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. Este problema afecta a SUSE Linux Enterprise Desktop 15 SP5 : antes de 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: anterior a 3.7.3-150500.3.5.1; openSUSE Leap 15.5: anterior a 3.7.3-150500.3.5.1."}], "lastModified": "2024-11-21T08:02:51.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E79D3E16-E284-40C6-916E-2EE78102BF4A"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "26F5E65A-CC1E-43D7-8181-53ACF3D04D01"}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:15:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35EE4FDE-ED2C-49FB-AA39-39C6888B295D"}], "operator": "OR"}]}], "sourceIdentifier": "meissner@suse.de"}