Unrated severity · NVD Advisory · Published Mar 2, 2020 · Updated Sep 17, 2024
Local privilege escalation from user salt to root
CVE-2019-18897
Description
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions.
Affected products
osv-coords (18 versions):
- pkg:rpm/opensuse/salt&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 2019.2.0-lp151.5.12.1
- pkg:rpm/suse/python-singledispatch&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012 (no CPE), range: < 3.4.0.3-1.5.1
- pkg:rpm/suse/python-singledispatch&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2012%20SP2 (no CPE), range: < 3.4.0.3-1.5.1
- pkg:rpm/suse/python-singledispatch&distro=SUSE%20Manager%20Client%20Tools%2012 (no CPE), range: < 3.4.0.3-1.5.1
- pkg:rpm/suse/python-singledispatch&distro=SUSE%20Manager%20Proxy%203.2 (no CPE), range: < 3.4.0.3-1.5.1
- pkg:rpm/suse/python-singledispatch&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 3.4.0.3-1.5.1
- pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS (no CPE), range: < 2019.2.0-5.64.1
- pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS (no CPE), range: < 2019.2.0-5.64.1
- pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012 (no CPE), range: < 2019.2.0-46.88.1
- pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 (no CPE), range: < 2019.2.0-6.24.1
- pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1 (no CPE), range: < 2019.2.0-6.24.1
- pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1 (no CPE), range: < 2019.2.0-6.24.1
- pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2012%20SP2 (no CPE), range: < 2019.2.0-46.88.1
- pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS (no CPE), range: < 2019.2.0-5.64.1
- pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 (no CPE), range: < 2019.2.0-5.64.1
- pkg:rpm/suse/salt&distro=SUSE%20Manager%20Client%20Tools%2012 (no CPE), range: < 2019.2.0-46.88.1
- pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%203.2 (no CPE), range: < 2019.2.0-46.88.1
- pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.2 (no CPE), range: < 2019.2.0-46.88.1
- openSUSE / Factory (v5), range: salt-master
- SUSE / SUSE Linux Enterprise Server 12 (v5), range: salt-master
- SUSE / SUSE Linux Enterprise Server 15 (v5), range: salt-master
Patches
No patches discovered yet.
References
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00026.html (mitre; vendor-advisory; x_refsource_SUSE)
- bugzilla.suse.com/show_bug.cgi (mitre; x_refsource_CONFIRM)