CVE-2019-3690 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-3690 PUBLISHED CVSS 6.800000190734863 MEDIUM

The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.

EPSS 0.10% · 27.7th percentile

Risk Scores

CVSS v3.1

6.800000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS Score

0.10%

27.7th percentile

Affected Products

Vendor	Product	Versions
opensuse	leap	15.1
SUSE	permissions	unspecified

Timeline

Dec 5, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

openSUSE-SU-2019:2672 vendor-advisory
https://bugzilla.suse.com/show_bug.cgi?id=1150734 url
https://nvd.nist.gov/vuln/detail/CVE-2019-3690 advisory

Open in Interactive Console →