Vulnerabilities > CVE-2021-31997 - Unspecified vulnerability in Opensuse Python-Postorius 1.3.2Lp152.1.2

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

opensuse

NVD

Published: 2021-06-10

Updated: 2024-11-21

Summary

A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions.

Vulnerable Configurations

Part	Description	Count
Application	Opensuse Opensuse Python Postorius - Opensuse Python Postorius 1.3.2-Lp152.1.2 Opensuse Factory -	3
OS	Opensuse Opensuse Leap 15.2	1

References

https://bugzilla.suse.com/show_bug.cgi?id=1182407
https://bugzilla.suse.com/show_bug.cgi?id=1182407