CVE-2019-3694 – Local privilege escalation from munin to root in the packaging of munin
https://notcve.org/view.php?id=CVE-2019-3694
A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions. Una vulnerabilidad de tipo Symbolic Link (Symlink) Following en el empaquetado de munin en openSUSE Factory, Leap versión 15.1, permite a atacantes locales escalar desde un usuario munin a root. Este problema afecta a: munin versión 2.0.49-4.2 y versiones anteriores, de openSUSE Factory. munin versión 2.0.40-lp151.1.1 y versiones anteriores, de openSUSE Leap versión 15.1. • https://bugzilla.suse.com/show_bug.cgi?id=1155078 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •