CVE-2018-17955

In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection

Published : 2019-03-15 20:29 Updated : 2019-03-18 15:57

3.6
CVSS Score More info
Score 3.6 / 10
3.6

CPE

There is no CPE for this CVE.

CWE

ID Name Description Links
CWE-59 Improper Link Resolution Before File Access ('Link Following') The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. CVE

History of changes

Date Event
2019-03-18 15:57
2019-03-15 20:29

New CVE