CVE-2021-25322

High

A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to…

suse·CWE-61·Published 2021-06-10

CVSS

7.8

EPSS

0.00

KEV

Exploits

cve.orgen

373 chars

A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.

NVDen

373 chars

NVDes

399 chars

Una vulnerabilidad de seguimiento de enlaces simbólicos UNIX (Symlink) en python-HyperKitty de openSUSE Leap 15.2, Factory permite a atacantes locales escalar privilegios del usuario hyperkitty o hyperkitty-admin a root. Este problema afecta a: openSUSE Leap 15.2 python-HyperKitty versión 1.3.2-lp152.2.3.1 y versiones anteriores. openSUSE Factory python-HyperKitty versiones anteriores a 1.3.4-5.1

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.2	3.9	10.0	AV:L/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	6.8	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
3.1	Primary	cve.org	6.8	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
3.1	Secondary	NVD	6.8	2.5	4.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N