CVE-2023-32182

Exploit

EPSS 0.02%
Veröffentlicht 19.09.2023 16:15:09
Zuletzt bearbeitet 21.11.2024 08:02:51
Quelle meissner@suse.de
Teams Watchlist Login
Unerledigt Login

A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Opensuse ≫ Leap Version15.5

Suse ≫ Linux Enterprise High Performance Computing Version15.0 Updatesp5 SwEdition-

Suse ≫ Suse Linux Enterprise Desktop Version15 Updatesp5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.044

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
meissner@suse.de	5.9	2.5	3.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-32182

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32182

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32182

EUVD