Vulnerabilities > CVE-2021-25322 - Unspecified vulnerability in Python-Hyperkitty Project Python-Hyperkitty

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

python-hyperkitty-project

NVD

Published: 2021-06-10

Updated: 2023-06-22

Summary

A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.

Vulnerable Configurations

Part	Description	Count
Application	Python-Hyperkitty_Project Python Hyperkitty Project Python Hyperkitty - Python Hyperkitty Project Python Hyperkitty 1.3.0 Python Hyperkitty Project Python Hyperkitty 1.3.1 Python Hyperkitty Project Python Hyperkitty 1.3.2 Python Hyperkitty Project Python Hyperkitty 1.3.2-Lp152.2.3.1 Python Hyperkitty Project Python Hyperkitty 1.3.3 Python Hyperkitty Project Python Hyperkitty 1.3.4	7
Application	Opensuse Opensuse Factory -	1
OS	Opensuse Opensuse Leap 15.2	1

References

https://bugzilla.suse.com/show_bug.cgi?id=1182373