CVE-2019-3699

HIGH

privoxy < 3.0.28-lp151.1.1 - Privilege Escalation via Symlink Following

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1 and Factory allows local attackers to escalate from user privoxy to root. This issue affects openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions, and openSUSE Factory privoxy version 3.0.28-2.1 and prior versions.

References (1)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1157449

Scores

CVSS v3 7.7
EPSS 0.0041
EPSS Percentile 32.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-59
Status published
Products (1)
privoxy/privoxy < 3.0.28-lp151.1.1
Published Jan 24, 2020
Tracked Since Feb 18, 2026