openSUSE Tumbleweed Traefik2 Privilege Escalation Vulnerability

Vulnerability

A vulnerability allowing privilege escalation from the Traefik user to root has been identified in the packaging of openSUSE Tumbleweed Traefik2, prior to version 2.11.29. This issue arises from the post-installation script, which includes commands to change the ownership of certain directories and files. These commands are executed as root, in user-controlled directories, creating an opportunity for the Traefik user to gain root privileges.

Impact

Exploitation of this vulnerability allows the Traefik user to escalate privileges to root.

Reproduction

The vulnerability can be reproduced by simulating a package update with Zypper, after creating a symbolic link in a directory owned by the Traefik user. The post-installation script will then execute, running the ownership change commands as root, which can be used to manipulate sensitive files such as '/etc/passwd'.
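As an added example (not the Traefik2 package's own scriptlet), this is the shape a post-installation ownership step should take so that a symbolic link planted by the service user cannot redirect a root-run chown. The helper names and the `/var/lib/traefik` path are assumptions for illustration.

```shell
# Hypothetical hardened scriptlet helper; the unsafe pattern it replaces is a
# recursive `chown -R traefik:traefik <state dir>` run as root over a tree that
# the service user can write to. chown(1) dereferences symbolic links by default,
# so a link the service user placed inside that tree redirects the ownership
# change to whatever file the link points at.

# Returns 0 only for a real directory; a missing path or a symbolic link is rejected.
# [ -d ] alone follows links, so the explicit ! -L test is the security-relevant part.
is_safe_state_dir() {
    [ -d "$1" ] && [ ! -L "$1" ]
}

# Re-own only the package-managed directory itself (e.g. /var/lib/traefik, assumed
# path), never recursing into contents the service user controls:
#  - chown -h never dereferences, so a path swapped for a link between the check and
#    the chown alters the link entry only, not its target;
#  - ownership of files the package ships belongs in the package manifest
#    (%attr in an RPM spec), not in a runtime chown.
fix_state_dir_owner() {
    dir=$1
    owner=$2
    if ! is_safe_state_dir "$dir"; then
        echo "refusing to chown $dir: missing or a symbolic link" >&2
        return 1
    fi
    chown -h "$owner" "$dir"
}
```

Hard links are a separate concern not covered by this check; on current Linux kernels the default `fs.protected_hardlinks=1` prevents an unprivileged user from hard-linking files they do not own.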

Remediation

The issue has been addressed in the openSUSE Tumbleweed Traefik2 package. Users should update to version 2.11.29 or later.

Added: Sep 2, 2025, 12:24 PM
Updated: Sep 2, 2025, 4:12 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.