osc: stores downloaded (supposed) RPM in network-controlled filesystem paths

CVE-2019-3681

7.5HIGH

Key Information

Vendor: Suse
Status: Suse Linux Enterprise Module For Development Tools 15; Suse Linux Enterprise Software Development Kit 12-sp5; Suse Linux Enterprise Software Development Kit 12-sp4; Opensuse Leap 15.1
Vendor: CVE Published:; 29 June 2020

Summary

A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .

Affected Version(s)

SUSE Linux Enterprise Module for Development Tools 15 < 0.169.1-3.20.1

SUSE Linux Enterprise Software Development Kit 12-SP5 < 0.162.1-15.9.1

SUSE Linux Enterprise Software Development Kit 12-SP4 < 0.162.1-15.9.1

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 9.8 to: 7.5 - (HIGH)
Feb 22, 2024
Vulnerability published.
Jun 29, 2020
Vulnerability Reserved.
Jan 3, 2019

Collectors

NVD DatabaseMitre Database

Credit

Malte Kraus of SUSE