CVE-2019-18901 in OpenSuse and Suse Products
Published on March 2, 2020
mysql-systemd-helper allows setting 640 permissions of arbitrary files
Vulnerability Analysis
CVE-2019-18901 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a small impact on availability.
Weakness Type
What is an insecure temporary file Vulnerability?
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2019-18901 has been classified to as an insecure temporary file vulnerability or weakness.
Products Associated with CVE-2019-18901
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-18901 are published in these products:
Affected Versions
SUSE Linux Enterprise Server 12:- Version mariadb and below 10.2.31-3.25.1 is affected.
- Version mariadb and below 10.2.31-3.26.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.