CVE-2019-3693
PUBLISHED
CVSS 7.7 HIGH
A symlink-following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12, and openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally, arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1; SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1; openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions.
EPSS 0.17% · 37.8th percentile
Risk Scores
CVSS 3.1
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.17%
37.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE Linux Enterprise Server 11 | mailman |
| SUSE | SUSE Linux Enterprise Server 12 | mailman |
| openSUSE | Leap 15.1 | * |
| opensuse | backports_sle | 15.0 |
| suse | mailman | 0, 0, 0 |
Exploit Intelligence
- openSUSE-SU-2020:0148 (circl)
- openSUSE-SU-2020:0156 (circl)
- https://bugzilla.suse.com/show_bug.cgi?id=1154328 (circl)
Timeline
- Jan 24, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- openSUSE-SU-2020:0148 vendor-advisory
- openSUSE-SU-2020:0156 vendor-advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1154328 url
- https://nvd.nist.gov/vuln/detail/CVE-2019-3693 advisory