CVE-2019-3699

Summary

UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.

Affected Software

VendorProductVersion RangeStatus
openSUSELeap 15.1privoxy <= 3.0.28-lp151.1.1affected
openSUSEFactoryprivoxy <= 3.0.28-2.1affected

Weaknesses

  • CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CVE Program Container

Additional References

References