CVE-2023-32182

A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:leap:15.5:::::::*
	cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:::-:::*
	cpe:2.3:o:suse:suse_linux_enterprise_desktop:15:sp5::::::

History

25 Sep 2023, 16:32

Type	Values Removed	Values Added
CPE		cpe:2.3:o:opensuse:leap:15.5:::::::* cpe:2.3:o:suse:suse_linux_enterprise_desktop:15:sp5:::::: cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:::-:::*
First Time		Suse Suse suse Linux Enterprise Desktop Opensuse leap Suse linux Enterprise High Performance Computing Opensuse
References	~~(MISC) https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182 -~~	(MISC) https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182 - Exploit, Issue Tracking
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

19 Sep 2023, 17:57

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-19 16:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-32182

Mitre link : CVE-2023-32182

CVE.ORG link : CVE-2023-32182

JSON object : View

Products Affected

opensuse

leap

suse

linux_enterprise_high_performance_computing
suse_linux_enterprise_desktop

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2023-32182", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "meissner@suse.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.5}]}, "published": "2023-09-19T16:15:09.347", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182", "tags": ["Exploit", "Issue Tracking"], "source": "meissner@suse.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "meissner@suse.de", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Resoluci\u00f3n de Enlace Incorrecta Antes del Acceso a Archivos ('Link Following') en SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. Este problema afecta a SUSE Linux Enterprise Desktop 15 SP5 : antes de 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: anterior a 3.7.3-150500.3.5.1; openSUSE Leap 15.5: anterior a 3.7.3-150500.3.5.1."}], "lastModified": "2023-09-25T16:32:30.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E79D3E16-E284-40C6-916E-2EE78102BF4A"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "26F5E65A-CC1E-43D7-8181-53ACF3D04D01"}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:15:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35EE4FDE-ED2C-49FB-AA39-39C6888B295D"}], "operator": "OR"}]}], "sourceIdentifier": "meissner@suse.de"}