Description
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
References (2)
Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1118460
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html
Scores
CVSS v3
2.2
EPSS
0.0040
EPSS Percentile
31.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-377
CWE-59
Status
published
Products (1)
opensuse/supportutils
< 3.1-5.7.1
Published
Mar 05, 2019
Tracked Since
Feb 18, 2026