CVE-2019-3694

Summary

A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions.

Affected Software

VendorProductVersion RangeStatus
openSUSEFactorymunin <= 2.0.49-4.2affected
openSUSELeap 15.1munin <= 2.0.40-lp151.1.1affected

Weaknesses

  • CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CVE Program Container

Additional References

References