CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-18897

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.1%

CVSS Severity

CVSS v3 Score 8.4

CVSS v2 Score 7.2

References

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html
https://bugzilla.suse.com/show_bug.cgi?id=1157465
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html
https://bugzilla.suse.com/show_bug.cgi?id=1157465

Products affected by CVE-2019-18897

Opensuse » Leap » Version: 15.1

cpe:2.3:o:opensuse:leap:15.1
Suse » Linux Enterprise Server » Version: 12

cpe:2.3:o:suse:linux_enterprise_server:12
Suse » Linux Enterprise Server » Version: 15

cpe:2.3:o:suse:linux_enterprise_server:15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-18897

Products

Pricing

Contact Us