CVE-2019-3697 — HIGH (7.7) — White Hats Nepal

Q: How severe is CVE-2019-3697?

CVE-2019-3697 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3697?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gnump3D, Opensuse Leap.

Vulnerability Description

UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions.

CVSS Score

7.7

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Gnu	Gnump3D	<= 3.0
Opensuse	Leap	15.1

Related Weaknesses (CWE)

CWE-59

References

https://bugzilla.suse.com/show_bug.cgi?id=1154229ExploitIssue TrackingVendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1154229ExploitIssue TrackingVendor Advisory

FAQ

What is CVE-2019-3697?

CVE-2019-3697 is a vulnerability with a CVSS score of 7.7 (HIGH). UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 1...

How severe is CVE-2019-3697?

CVE-2019-3697 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3697?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gnump3D, Opensuse Leap.