VDB
CVE-2019-3698
CVE-2019-3698
PUBLISHED
CVSS 5.699999809265137 MEDIUM
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.
EPSS 0.18% · 38.9th percentile
Risk Scores
CVSS 3.1
5.699999809265137
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
EPSS Score
0.18%
38.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| openSUSE | Factory | nagios |
| nagios | nagios | 0, 0 |
| SUSE | SUSE Linux Enterprise Server 12 | nagios |
| SUSE | SUSE Linux Enterprise Server 11 | * |
Exploit Intelligence
- openSUSE-SU-2020:0500 (circl)
- openSUSE-SU-2020:0517 (circl)
- https://bugzilla.suse.com/show_bug.cgi?id=1156309 (nist-nvd)
Timeline
- Feb 28, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- openSUSE-SU-2020:0500 vendor-advisory
- openSUSE-SU-2020:0517 vendor-advisory
- https://bugzilla.suse.com/show_bug.cgi?id=1156309 url
- https://nvd.nist.gov/vuln/detail/CVE-2019-3698 advisory