Unrated severityNVD Advisory· Published Jun 10, 2021· Updated Sep 16, 2024

python-postorius: postorius-permissions.sh used during %post allows local privilege escalation from postorius user to root

CVE-2021-31997

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

OpenSUSE/python-postoriusllm-create
Range: <=1.3.2-lp152.1.2 for Leap 15.2; <=1.3.4-2.1 for Factory
openSUSE/Factoryv5
Range: python-postorius
openSUSE/Leap 15.2v5
Range: python-postorius

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

python-postorius: postorius-permissions.sh used during %post allows local privilege escalation from postorius user to root

Description

AI Insight

Affected products

Patches

Vulnerability mechanics

References

News mentions