CVE-2019-18899
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| openSUSE | Leap 15.1 | apt-cacher-ng < 3.1-lp151.3.3.1 | affected |
Weaknesses
- CWE-269: CWE-269: Improper Privilege Management
ADP Enrichment
CVE Program Container
Additional References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html
- https://bugzilla.suse.com/show_bug.cgi?id=1157703
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html
- https://bugzilla.suse.com/show_bug.cgi?id=1157703
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.