CVE-2019-3691— Local privilege escalation from user munge to root
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-3691
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local privilege escalation from user munge to root
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Source: NVD (National Vulnerability Database)
Vulnerability Title
munge 后置链接漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
munge是一款用于创建和验证凭据的身份验证服务。 munge中存在后置链接漏洞。攻击者可利用该漏洞将权限提升至root。以下产品及版本受到影响:munge 0.5.13-4.3.1之前版本(SUSE Linux Enterprise Server 15版本),munge 0.5.13-6.1之前版本(openSUSE Factory)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 15 | munge ~ 0.5.13-4.3.1 | - | |
| openSUSE | Factory | munge ~ 0.5.13-6.1 | - |
II. Public POCs for CVE-2019-3691
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-3691
Please Login to view more intelligence information
- https://bugzilla.suse.com/show_bug.cgi?id=1155075x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2019-3691
IV. Related Vulnerabilities
Same vendor: SUSE
- CVE-2026-25702
nftables disabled due to incorrect kernel backport - CVE-2025-62879
Rancher Backup Operator pod's logs leak S3 tokens - CVE-2025-62878
Local Path Provisioner vulnerable to Path Traversal via para - CVE-2025-67601
Rancher CLI skips TLS verification on Rancher CLI login comm - CVE-2025-67860
NeuVector scanner insecurely handles passwords as command ar
V. Comments for CVE-2019-3691
No comments yet