CVE-2023-32182

A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:leap:15.5:::::::*
	cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:::-:::*
	cpe:2.3:o:suse:suse_linux_enterprise_desktop:15:sp5::::::

History

25 Sep 2023, 16:32

Type	Values Removed	Values Added
CPE		cpe:2.3:o:suse:suse_linux_enterprise_desktop:15:sp5:::::: cpe:2.3:o:opensuse:leap:15.5:::::::* cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:::-:::*
References	~~(MISC) https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182 -~~	(MISC) https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182 - Exploit, Issue Tracking
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Suse linux Enterprise High Performance Computing Suse Suse suse Linux Enterprise Desktop Opensuse leap Opensuse

19 Sep 2023, 17:57

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-19 16:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-32182

Mitre link : CVE-2023-32182

CVE.ORG link : CVE-2023-32182

JSON object : View

Products Affected

suse

suse_linux_enterprise_desktop
linux_enterprise_high_performance_computing

opensuse

leap

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2023-32182", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "meissner@suse.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.5}]}, "published": "2023-09-19T16:15:09.347", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182", "tags": ["Exploit", "Issue Tracking"], "source": "meissner@suse.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "meissner@suse.de", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Resoluci\u00f3n de Enlace Incorrecta Antes del Acceso a Archivos ('Link Following') en SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. Este problema afecta a SUSE Linux Enterprise Desktop 15 SP5 : antes de 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: anterior a 3.7.3-150500.3.5.1; openSUSE Leap 15.5: anterior a 3.7.3-150500.3.5.1."}], "lastModified": "2023-09-25T16:32:30.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E79D3E16-E284-40C6-916E-2EE78102BF4A"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "26F5E65A-CC1E-43D7-8181-53ACF3D04D01"}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:15:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35EE4FDE-ED2C-49FB-AA39-39C6888B295D"}], "operator": "OR"}]}], "sourceIdentifier": "meissner@suse.de"}