CVE-2019-3699

Name of the Vulnerable Software and Affected Versions privoxy versions 3.0.28-lp151.1.1 and prior versions privoxy versions 3.0.28-2.1 and prior versions

Description The issue is related to a UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1 and Factory. This vulnerability allows local attackers to escalate from user privoxy to root. The exploitation of this vulnerability may allow an attacker to gain elevated privileges.

Recommendations For privoxy version 3.0.28-lp151.1.1 and prior versions, update to a version that fixes the Symlink Following vulnerability. For privoxy version 3.0.28-2.1 and prior versions, update to a version that fixes the Symlink Following vulnerability. As a temporary workaround, consider restricting access to the vulnerable privoxy packaging to minimize the risk of exploitation.