A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path components, allowing local attackers with access to a group what can write to a location included in the path to a privileged binary to influence path resolution. This issue affects: SUSE Linux Enterprise Server 12-SP5 permissions versions before 20170707. openSUSE Leap 15.3 permissions versions before 20200127. openSUSE Leap 15.4 permissions versions before 20201225. openSUSE Leap Micro 5.2 permissions versions before 20181225.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
suse linux enterprise server 12 |
||
opensuse leap 15.3 |
||
opensuse leap micro 5.2 |
||
opensuse leap 15.4 |