CVE-2019-3690

high

Description

The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.

References

https://bugzilla.suse.com/show_bug.cgi?id=1150734

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html

Details

Source: Mitre, NVD

Published: 2019-12-05

Updated: 2020-11-20

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H