{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-07T05:51:04.917","vulnerabilities":[{"cve":{"id":"CVE-2019-3693","sourceIdentifier":"meissner@suse.de","published":"2020-01-24T10:15:12.053","lastModified":"2024-11-21T04:42:20.753","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions."},{"lang":"es","value":"Una vulnerabilidad de tipo symlink following en el empaquetado de mailman en SUSE Linux Enterprise Server versión 11, SUSE Linux Enterprise Server versión 12; openSUSE Leap versión 15.1, permitió a atacantes locales escalar sus privilegios desde un usuario wwwrun a root. Adicionalmente, los archivos arbitrarios pueden ser cambiados a mailman de grupo. Este problema afecta a: mailman versiones anteriores a 2.1.15-9.6.15.1 de SUSE Linux Enterprise Server versión 11. mailman versiones anteriores a 2.1.17-3.11.1 de SUSE Linux Enterprise Server versión 12. mailman versión 2.1.29-lp151.2.14 y versiones anteriores, de openSUSE Leap versión 15.1."}],"metrics":{"cvssMetricV31":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"meissner@suse.de","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:mailman:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.15-9.6.15.1","matchCriteriaId":"F4378052-91CF-47E4-8600-F3FAF2A6A2C0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*","matchCriteriaId":"F13F07CC-739B-465C-9184-0E9D708BD4C7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:mailman:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.17-3.11.1","matchCriteriaId":"1C31B658-2EE8-4DCF-9D52-5BD03110B7A5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*","matchCriteriaId":"15FC9014-BD85-4382-9D04-C0703E901D7A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:mailman:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.29-lp151.2.14","matchCriteriaId":"39D76848-1031-46B9-B1EF-7BC3EB3B6597"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*","matchCriteriaId":"40513095-7E6E-46B3-B604-C926F1BA3568"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html","source":"meissner@suse.de","tags":["Mailing List","Vendor Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00000.html","source":"meissner@suse.de","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1154328","source":"meissner@suse.de","tags":["Issue Tracking","Vendor Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00000.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1154328","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}