Attackers can inject malicious files into osc package sources
CVE-2024-22034

5.5MEDIUM

Key Information:

Vendor: Suse
Status: Suse Linux Enterprise Desktop 15 Sp5; Suse Linux Enterprise High Performance Computing 15 Sp5; Suse Linux Enterprise Module For Development Tools 15 Sp5; Suse Linux Enterprise Server 15 Sp5
Vendor: CVE Published:; 16 October 2024

What is CVE-2024-22034?

A configuration manipulation vulnerability exists in the open source configuration tool, osc, where attackers can place special files within the .osc directory into the actual package sources. By exploiting this flaw, an attacker can modify critical configuration settings, potentially impacting system operations and security for the victim user. This vulnerability highlights the importance of securing configuration tools against unauthorized access and manipulation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

openSUSE Leap 15.5 ? < 1.9.0-150400.10.6.1

openSUSE Leap 15.6 ? < 1.9.0-150400.10.6.1

openSUSE Tumbleweed ? < 1.9.0-1.1

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2024
Vulnerability Reserved
Jan 4, 2024

Credit

Daniel Mach of SUSE

JSON

Suse

What is CVE-2024-22034?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.