VDB
CVE-2019-3692
CVE-2019-3692
PUBLISHED
CVSS 7.699999809265137 HIGH
The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions.
EPSS 0.17% · 37.8th percentile
Risk Scores
CVSS 3.1
7.699999809265137
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.17%
37.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE Linux Enterprise Server 11 | inn |
| opensuse | backports_sle | 15.0 |
| suse | inn | 0, 0, 0 |
| opensuse | leap | 15.1 |
| openSUSE | Leap 15.1 | * |
| openSUSE | Factory | inn |
Exploit Intelligence
- https://bugzilla.suse.com/show_bug.cgi?id=1154302 (nist-nvd)
- openSUSE-SU-2020:0234 (circl)
- openSUSE-SU-2020:0242 (circl)
Timeline
- Jan 24, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- openSUSE-SU-2020:0234 vendor-advisory
- openSUSE-SU-2020:0242 vendor-advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1154302 url
- https://nvd.nist.gov/vuln/detail/CVE-2019-3692 advisory