Lucene search

Ubuntu.comUB:CVE-2019-18901

HistoryMar 02, 2020 - 12:00 a.m.

CVE-2019-18901

2020-03-0200:00:00

ubuntu.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

A UNIX Symbolic Link (Symlink) Following vulnerability in the
mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise
Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change
the permissions of arbitrary files to 0640. This issue affects: SUSE Linux
Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux
Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.

Notes

Author	Note
leosilva	since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored.
mdeslaur	This CVE is for a SUSE specific script.

References

bugzilla.suse.com/show_bug.cgi?id=1160895

launchpad.net/bugs/cve/CVE-2019-18901

nvd.nist.gov/vuln/detail/CVE-2019-18901

security-tracker.debian.org/tracker/CVE-2019-18901

www.cve.org/CVERecord?id=CVE-2019-18901

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for UB:CVE-2019-18901