SuseCVELIST:CVE-2021-25322CVE-2021-25322 python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root
6.8 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
0.0004 Low
EPSS
Percentile
5.1%
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.
CNA Affected
[
{
"product": "Leap 15.2",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "1.3.2-lp152.2.3.1",
"status": "affected",
"version": "python-HyperKitty",
"versionType": "custom"
}
]
},
{
"product": "Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "1.3.4-5.1",
"status": "affected",
"version": "python-HyperKitty",
"versionType": "custom"
}
]
}
]Related
6.8 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
0.0004 Low
EPSS
Percentile
5.1%