First published: Wed Oct 26 2022(Updated: )
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.
Credit: meissner@suse.de
Affected Software | Affected Version | How to fix |
---|---|---|
openSUSE Factory | <8.17.1-1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2022-31256.
The title of this vulnerability is 'A Improper Link Resolution Before File Access (Link Following) vulnerability in a script called by...'.
The severity of CVE-2022-31256 is high (7.8).
CVE-2022-31256 affects openSUSE Factory sendmail versions prior to 8.17.1-1.1.
Local attackers can exploit CVE-2022-31256 to escalate from user mail to root.