Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root
Vulnerability Description
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
CWE-61
Vulnerability Title
SUSE openSUSE 安全漏洞
Vulnerability Description
openSUSE是德国SUSE公司的一套基于Linux的自由操作系统与开源社区项目。 openSUSE Leap 存在安全漏洞,该漏洞源于在openSUSE Leap 15.2的python-HyperKitty漏洞之后,Factory允许将用户hyperkitty或hyperkitty-admin的权限升级为root。攻击者可利用该漏洞获取到最高权限进而执行任意操作。
CVSS Information
N/A
Vulnerability Type
N/A