Unrated severityNVD Advisory· Published Jun 10, 2021· Updated Sep 17, 2024

python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root

CVE-2021-25322

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

OpenSUSE/python-HyperKittyllm-create
Range: <=1.3.2-lp152.2.3.1 for Leap 15.2; <1.3.4-5.1 for Factory
openSUSE/Factoryv5
Range: python-HyperKitty
openSUSE/Leap 15.2v5
Range: python-HyperKitty

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root

Description

AI Insight

Affected products

Patches

Vulnerability mechanics

References

News mentions