CVE-2019-3692

Name of the Vulnerable Software and Affected Versions inn versions 2.4.2-170.21.3.1 and prior versions inn versions 2.5.4-lp151.2.47 and prior versions inn versions 2.6.2-2.2 and prior versions

Description The issue allows local attackers to escalate from user inn to root via symlink attacks. This is due to incorrect link resolution before accessing a file, which can allow an attacker to gain unauthorized access to protected information and execute arbitrary code.

Recommendations For inn version 2.4.2-170.21.3.1 and prior versions, update to a version later than 2.4.2-170.21.3.1 to resolve the issue. For inn version 2.5.4-lp151.2.47 and prior versions, update to a version later than 2.5.4-lp151.2.47 to resolve the issue. For inn version 2.6.2-2.2 and prior versions, update to a version later than 2.6.2-2.2 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.