fkie_cve-2021-25322
Vulnerability from fkie_nvd
Published
2021-06-10 12:15
Modified
2024-11-21 05:54
Severity ?
6.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| meissner@suse.de | https://bugzilla.suse.com/show_bug.cgi?id=1182373 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1182373 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| python-hyperkitty_project | python-hyperkitty | * | |
| opensuse | leap | 15.2 | |
| python-hyperkitty_project | python-hyperkitty | * | |
| opensuse | factory | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:python-hyperkitty_project:python-hyperkitty:*:*:*:*:*:*:*:*", matchCriteriaId: "E53ACCC7-5C64-4CB8-9680-79214281D008", versionEndIncluding: "1.3.2-lp152.2.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:python-hyperkitty_project:python-hyperkitty:*:*:*:*:*:*:*:*", matchCriteriaId: "51CCC2D1-E66D-4CE8-B91A-E711A9AAF78B", versionEndExcluding: "1.3.4-5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*", matchCriteriaId: "E29492E1-43D8-43BF-94E3-26A762A66FAA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.", }, { lang: "es", value: "Una vulnerabilidad de seguimiento de enlaces simbólicos UNIX (Symlink) en python-HyperKitty de openSUSE Leap 15.2, Factory permite a atacantes locales escalar privilegios del usuario hyperkitty o hyperkitty-admin a root. Este problema afecta a: openSUSE Leap 15.2 python-HyperKitty versión 1.3.2-lp152.2.3.1 y versiones anteriores. openSUSE Factory python-HyperKitty versiones anteriores a 1.3.4-5.1", }, ], id: "CVE-2021-25322", lastModified: "2024-11-21T05:54:44.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 4.2, source: "meissner@suse.de", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-10T12:15:08.523", references: [ { source: "meissner@suse.de", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1182373", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1182373", }, ], sourceIdentifier: "meissner@suse.de", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-61", }, ], source: "meissner@suse.de", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.