CVE-2019-18901
Last modified
CVE-2019-18901 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Leap | 15.1 |
| Suse | Linux Enterprise Server | 12 |
| Suse | Linux Enterprise Server | 15 |
References
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.htmlBroken Link, Mailing List, Vendor Advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1160895Issue Tracking, Vendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.htmlBroken Link, Mailing List, Vendor Advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1160895Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-18901?
How severe is CVE-2019-18901?
How do I fix CVE-2019-18901?
Are you affected by CVE-2019-18901?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST