VDB
CVE-2019-3690
CVE-2019-3690
PUBLISHED
CVSS 6.800000190734863 MEDIUM
The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.
EPSS 0.10% · 27.3th percentile
Risk Scores
CVSS 3.1
6.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS Score
0.10%
27.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| opensuse | leap | 15.1 |
| SUSE | permissions | * |
Exploit Intelligence
- CIRCL seen: CVE-2019-3690 (circl-sighting)
- openSUSE-SU-2019:2672 (circl)
- https://bugzilla.suse.com/show_bug.cgi?id=1150734 (circl)
Timeline
- Dec 5, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- openSUSE-SU-2019:2672 vendor-advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1150734 url
- https://nvd.nist.gov/vuln/detail/CVE-2019-3690 advisory