CVE-2024-22034

Summary

Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim

Affected Software

VendorProductVersion RangeStatus
SUSESUSE Linux Enterprise Desktop 15 SP5? < 1.9.0-150400.10.6.1affected
SUSESUSE Linux Enterprise High Performance Computing 15 SP5? < 1.9.0-150400.10.6.1affected
SUSESUSE Linux Enterprise Module for Development Tools 15 SP5? < 1.9.0-150400.10.6.1affected
SUSESUSE Linux Enterprise Server 15 SP5? < 1.9.0-150400.10.6.1affected
SUSESUSE Linux Enterprise Server for SAP Applications 15 SP5? < 1.9.0-150400.10.6.1affected
SUSESUSE Linux Enterprise Desktop 15 SP6? < 1.9.0-150400.10.6.1affected
SUSESUSE Linux Enterprise High Performance Computing 15 SP6? < 1.9.0-150400.10.6.1affected
SUSESUSE Linux Enterprise Module for Development Tools 15 SP6? < 1.9.0-150400.10.6.1affected
SUSESUSE Linux Enterprise Server 15 SP6? < 1.9.0-150400.10.6.1affected
SUSESUSE Linux Enterprise Server for SAP Applications 15 SP6? < 1.9.0-150400.10.6.1affected
SUSESUSE Linux Enterprise Server 12 SP5? < 0.183.0-15.18.1affected
SUSESUSE Linux Enterprise Server for SAP Applications 12 SP5? < 0.183.0-15.18.1affected
SUSESUSE Linux Enterprise Software Development Kit 12 SP5? < 0.183.0-15.18.1affected
SUSEopenSUSE Leap 15.5? < 1.9.0-150400.10.6.1affected
SUSEopenSUSE Leap 15.6? < 1.9.0-150400.10.6.1affected
SUSEopenSUSE Tumbleweed? < 1.9.0-1.1affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References