CVE-2019-18901 MEDIUM

CVE-2019-18901: mysql-systemd-helper allows setting 640 permissions of arbitrary files

Vendor Suse
Product SUSE Linux Enterprise Server 12
Weakness CWE-59
Published March 2, 2020
Last update September 17, 2024

CVSS base score

5.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

What the vulnerability does

01Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.

Key dates

02Disclosure timeline

March 2, 2020 CVE published
September 17, 2024 Record updated