Insecure Temporary File
CVE-2018-17955
Summary
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection
- HIGH
- LOCAL
- LOW
- UNCHANGED
- REQUIRED
- LOW
- NONE
- NONE
CWE-377 - Insecure Temporary File
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
References
Advisory Timeline
- Published
