CVE-2019-18901

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.1 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
suseCNA
5.1 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
opensuseleap
15.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mariadb-10.0
eoan
dne
bionic
dne
xenial
not-affected
trusty
dne
mariadb-10.1
eoan
dne
bionic
not-affected
xenial
dne
trusty
dne
mariadb-10.3
eoan
not-affected
bionic
dne
xenial
dne
trusty
dne
mariadb-5.5
eoan
dne
bionic
dne
xenial
dne
trusty
dne
mysql-5.5
eoan
dne
bionic
dne
xenial
dne
vivid
dne
trusty
not-affected
mysql-5.6
eoan
dne
bionic
dne
xenial
dne
trusty
dne
mysql-5.7
eoan
dne
bionic
not-affected
xenial
not-affected
trusty
dne
mysql-8.0
eoan
not-affected
bionic
dne
xenial
dne
trusty
dne
percona-server-5.6
eoan
dne
bionic
dne
xenial
not-affected
trusty
dne
percona-xtradb-cluster-5.5
eoan
dne
bionic
dne
xenial
dne
trusty
dne
percona-xtradb-cluster-5.6
eoan
dne
bionic
dne
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html
https://bugzilla.suse.com/show_bug.cgi?id=1160895
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html
https://bugzilla.suse.com/show_bug.cgi?id=1160895