CVE-2024-22034
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Desktop 15 SP5 | ? < 1.9.0-150400.10.6.1 | affected |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP5 | ? < 1.9.0-150400.10.6.1 | affected |
| SUSE | SUSE Linux Enterprise Module for Development Tools 15 SP5 | ? < 1.9.0-150400.10.6.1 | affected |
| SUSE | SUSE Linux Enterprise Server 15 SP5 | ? < 1.9.0-150400.10.6.1 | affected |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ? < 1.9.0-150400.10.6.1 | affected |
| SUSE | SUSE Linux Enterprise Desktop 15 SP6 | ? < 1.9.0-150400.10.6.1 | affected |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP6 | ? < 1.9.0-150400.10.6.1 | affected |
| SUSE | SUSE Linux Enterprise Module for Development Tools 15 SP6 | ? < 1.9.0-150400.10.6.1 | affected |
| SUSE | SUSE Linux Enterprise Server 15 SP6 | ? < 1.9.0-150400.10.6.1 | affected |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ? < 1.9.0-150400.10.6.1 | affected |
| SUSE | SUSE Linux Enterprise Server 12 SP5 | ? < 0.183.0-15.18.1 | affected |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ? < 0.183.0-15.18.1 | affected |
| SUSE | SUSE Linux Enterprise Software Development Kit 12 SP5 | ? < 0.183.0-15.18.1 | affected |
| SUSE | openSUSE Leap 15.5 | ? < 1.9.0-150400.10.6.1 | affected |
| SUSE | openSUSE Leap 15.6 | ? < 1.9.0-150400.10.6.1 | affected |
| SUSE | openSUSE Tumbleweed | ? < 1.9.0-1.1 | affected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.