CVE-2021-25322
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| openSUSE | Leap 15.2 | python-HyperKitty <= 1.3.2-lp152.2.3.1 | affected |
| openSUSE | Factory | python-HyperKitty < 1.3.4-5.1 | affected |
Weaknesses
- CWE-61: CWE-61: UNIX Symbolic Link (Symlink) Following
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.