PT-2021-3960 · SUSE · SUSE Linux Enterprise Server 15 SP1 (+3 other products)

Matthias Gerstner · Published 2021-01-18 · Updated 2024-06-15 · CVE-2021-32000

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- SUSE Linux Enterprise Server 12 SP3: clone-master-clean-up versions 1.6-4.6.1 and prior
- SUSE Linux Enterprise Server 15 SP1: clone-master-clean-up versions 1.6-3.9.1 and prior
- openSUSE Factory: clone-master-clean-up versions 1.6-1.4 and prior

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up allows local attackers to delete arbitrary files. The script does not handle links safely when removing files, so a local attacker who can place a symbolic link where the script expects a file can cause it to delete a file the attacker could not otherwise remove.

Recommendations

- SUSE Linux Enterprise Server 12 SP3, clone-master-clean-up versions 1.6-4.6.1 and prior: update to a version later than 1.6-4.6.1.
- SUSE Linux Enterprise Server 15 SP1, clone-master-clean-up versions 1.6-3.9.1 and prior: update to a version later than 1.6-3.9.1.
- openSUSE Factory, clone-master-clean-up versions 1.6-1.4 and prior: update to a version later than 1.6-1.4.

As a temporary workaround, consider restricting access to the clone-master-clean-up.sh script until a patch is available.

Exploit · Fix · Link Following


Weakness Enumeration

Related Identifiers

BDU:2021-04479
CVE-2021-32000
OPENSUSE-SU-2022_3667-1
OPENSUSE-SU-2024:12840-1
SUSE-SU-2022:3667-1
SUSE-SU-2022:3674-1
SUSE-SU-2022_3667-1
SUSE-SU-2022_3674-1

Affected Products

SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 15 SP1
SUSE
openSUSE Factory