← volver
CVE-2018-19638

User can overwrite arbitrary log files in support tar

CVSS 2.2 LOWEPSS 0.4%CWE-377
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Productos afectados
SUSE · supportutils

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.htmlhttps://bugzilla.suse.com/show_bug.cgi?id=1118460