CVE-2019-3696 Detail
Current Description
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.
Source: MITRE
View Analysis Description
Analysis Description
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1.
Source: MITRE
Severity
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].
Weakness Enumeration
CWE-ID | CWE Name | Source |
---|---|---|
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | NIST SUSE |
Known Affected Software Configurations Switch to CPE 2.2
Configuration 1 ( hide )
Configuration 2 ( hide )
Configuration 3 ( hide )
cpe:2.3:a:opensuse:pcp:*:*:*:*:*:*:*:* Show Matching CPE(s) |
Up to (excluding) 3.11.9-6.14.1 |
|
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp4:*:*:*:*:*:* Show Matching CPE(s) |
||
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:* Show Matching CPE(s) |
Configuration 4 ( hide )
Change History
2 change records found – show changes
Initial Analysis – 3/6/2020 1:00:35 PM
Action | Type | Old Value | New Value |
---|---|---|---|
Added | CPE Configuration |
AND OR *cpe:2.3:a:opensuse:pcp:*:*:*:*:*:*:*:* versions up to (excluding) 3.11.9-5.8.1 OR cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:*:*:*:espos:*:*:* cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:*:*:*:ltss:*:*:* cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:ltss:*:* cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:* |
|
Added | CPE Configuration |
AND OR *cpe:2.3:a:opensuse:pcp:*:*:*:*:*:*:*:* versions up to (excluding) 3.11.9-6.14.1 OR cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp4:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:* |
|
Added | CPE Configuration |
AND OR *cpe:2.3:a:opensuse:pcp:*:*:*:*:*:*:*:* versions up to (excluding) 4.3.1-3.5.3 OR cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:*:*:*:* |
|
Added | CPE Configuration |
AND OR *cpe:2.3:a:opensuse:pcp:*:*:*:*:*:*:*:* versions up to (excluding) 4.3.1-lp151.2.3.1 OR cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
|
Added | CVSS V2 |
NIST (AV:L/AC:L/Au:N/C:P/I:P/A:P) |
|
Added | CVSS V3.1 |
NIST AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
Added | CWE |
NIST CWE-22 |
|
Changed | Reference Type |
https://bugzilla.suse.com/show_bug.cgi?id=1153921 No Types Assigned |
https://bugzilla.suse.com/show_bug.cgi?id=1153921 Exploit, Issue Tracking, Vendor Advisory |
CVE Modified by MITRE – 3/3/2020 7:15:11 AM
Action | Type | Old Value | New Value |
---|---|---|---|
Added | CVSS V3.1 |
SUSE AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
Removed | CVSS V3.1 |
[email protected] AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
Added | CWE |
SUSE CWE-22 |
|
Removed | CWE |
[email protected] CWE-22 |
|
Changed | Description | Record truncated, showing 500 of 1580 characters. View Entire Change Record
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Ent |
Record truncated, showing 500 of 1578 characters. View Entire Change Record
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Ent |
Quick Info
CVE Dictionary Entry:
CVE-2019-3696
NVD Published Date:
03/03/2020
NVD Last Modified:
03/06/2020