History: Mar 03, 2020 - 11:15 a.m.

CVE-2019-3696

2020-03-03 11:15:11
CWE-22
web.nvd.nist.gov
cve-2019-3696
vulnerability
pathname limitation
suse linux enterprise
hpc
opensuse leap
security issue
nvd

CVSS2: 4.4 Medium

Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.4 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.9 Medium
Confidence: High

EPSS: 0.0004 Low
Percentile: 10.0%

An Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content.

This issue affects:

SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1.
SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1.
SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1.
SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3.
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1.
SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1.
SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1.
SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1.
SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1.
openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.

Affected configurations

NVD

Node
opensuse pcp Range <3.11.9-5.8.1
AND
suse linux_enterprise_high_performance_computing Match 15.0 espos
OR
suse linux_enterprise_high_performance_computing Match 15.0 ltss
OR
suse linux_enterprise_server Match 15
OR
suse linux_enterprise_server Match 15 ltss
OR
suse linux_enterprise_server Match 15 sap

Node
opensuse pcp Range <4.3.1-3.5.3
AND
suse linux_enterprise_server Match 15 sp1

Node
opensuse pcp Range <3.11.9-6.14.1
AND
suse linux_enterprise_software_development_kit Match 12 sp4
OR
suse linux_enterprise_software_development_kit Match 12 sp5

Node
opensuse pcp Range <4.3.1-lp151.2.3.1
AND
opensuse leap Match 15.1

CPE: opensuse:pcp
Name: opensuse pcp
Operator: lt
Version: 3.11.9-5.8.1

CNA Affected

[
  {
    "product": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-5.8.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-5.8.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Module for Development Tools 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-5.8.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "4.3.1-3.5.3",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-5.8.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server 15-LTSS",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-5.8.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Server for SAP 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-5.8.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Software Development Kit 12-SP4",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-6.14.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "SUSE Linux Enterprise Software Development Kit 12-SP5",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "3.11.9-6.14.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "openSUSE Leap 15.1",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "4.3.1-lp151.2.3.1",
        "status": "affected",
        "version": "pcp",
        "versionType": "custom"
      }
    ]
  }
]
