Vulnerability Description
A UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1 and openSUSE Factory allowed local attackers to escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1; openSUSE Factory trousers versions prior to 0.3.14-7.1.
CVSS Score
7.7 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Suse | Trousers | < 0.3.14-6.3.1 |
| Suse | Suse Linux Enterprise Server | 15 |
| Suse | Opensuse Factory | - |
| Opensuse | Leap | 15.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html (Mailing List, Third Party Advisory)
- https://bugzilla.suse.com/show_bug.cgi?id=1157651 (Exploit, Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2019-18898?
CVE-2019-18898 is a vulnerability with a CVSS score of 7.7 (HIGH). UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root....
How severe is CVE-2019-18898?
CVE-2019-18898 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-18898?
Check the references section above for vendor advisories and patch information. Affected products include: Suse Trousers, Suse Linux Enterprise Server, Suse Opensuse Factory, Opensuse Leap.