Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
python-postorius: postorius-permissions.sh used during %post allows local privilege escalation from postorius user to root
Vulnerability Description
A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
openSUSE 后置链接漏洞
Vulnerability Description
openSUSE是德国SUSE公司的一套基于Linux的自由操作系统与开源社区项目。 openSUSE 存在后置链接漏洞,该漏洞允许本地攻击者从用户postorius或postorius-admin升级到root。以下产品及版本受到影响:openSUSE Leap 15.2 python-postorius 1.3.2-lp152.1.2版本及之前版本, openSUSE Factory python-postorius 1.3.4-2.1 版本及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A