CVE-2019-18901 — MEDIUM (5.1)

Vulnerability Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.

CVSS Score

5.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Opensuse	Leap	15.1
Suse	Linux Enterprise Server	12

Related Weaknesses (CWE)

CWE-59

References

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.htmlBroken LinkMailing ListVendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1160895Issue TrackingVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.htmlBroken LinkMailing ListVendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1160895Issue TrackingVendor Advisory

FAQ

What is CVE-2019-18901?

CVE-2019-18901 is a vulnerability with a CVSS score of 5.1 (MEDIUM). A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers t...

How severe is CVE-2019-18901?

CVE-2019-18901 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-18901?

Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Leap, Suse Linux Enterprise Server.