CVE-2019-18901

low-risk

Published 2020-03-02

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.1/10 Medium

LOCAL / LOW complexity

Affected Products (3)

Leap

Linux Enterprise Server

Affected Vendors

Suse Opensuse

References (4)

Broken Link http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html

Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=1160895

Broken Link http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html

Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=1160895

/ 100

low-risk

Severity 17/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 9/34 · Low