CVE-2021-31997 – python-postorius: postorius-permissions.sh used during %post allows local privilege escalation from postorius user to root

https://notcve.org/view.php?id=CVE-2021-31997

A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions. Una vulnerabilidad de enlace simbólico de UNIX (Symlink) en python-postorius de openSUSE Leap 15.2, Factory permite a los atacantes locales escalar desde los usuarios postorius o postorius-admin a root. Este problema afecta a: openSUSE Leap 15.2 python-postorius versión 1.3.2-lp152.1.2 y versiones anteriores. openSUSE Factory python-postorius versión 1.3.4-2.1 y versiones anteriores • https://bugzilla.suse.com/show_bug.cgi?id=1182407 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •