osc: stores downloaded (supposed) RPM in network-controlled filesystem paths
CVE-2019-3681

7.5HIGH

Key Information:

Vendor: Suse
Status: Suse Linux Enterprise Module For Development Tools 15; Suse Linux Enterprise Software Development Kit 12-sp5; Suse Linux Enterprise Software Development Kit 12-sp4; Opensuse Leap 15.1
Vendor: CVE Published:; 29 June 2020

Summary

A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .

Affected Version(s)

openSUSE Factory osc < 0.169.0

openSUSE Leap 15.1 osc < 0.169.1-lp151.2.15.1

SUSE Linux Enterprise Module for Development Tools 15 osc < 0.169.1-3.20.1

References

https://bugzilla.suse.com/show_bug.cgi?id=1122675

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 29, 2020
Vulnerability Reserved
Jan 3, 2019

Credit

Malte Kraus of SUSE