CVE-2023-32190

Summary

mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges.

Affected Software

VendorProductVersion RangeStatus
SUSEopenSUSE Tumbleweed? < 0.26-37.1affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References