View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2019-10143 severity moderate: SUSE including 36 source package names (freeradius-3.0.13-15.el7, freeradius-3.0.17-6.module+el8.1.0+3392+9bd8939b, …), 110 product×package rows across 16 product lines (SLES for SAP Applications 11 SP3, SUSE Liberty Linux 7, … (16 product lines)): Known Not Affected 74, Fixed 36.
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."