
    4 vulnerabilities found for SUSE Linux Enterprise Desktop 15 SP5 by SUSE

    CVE-2024-22034 (GCVE-0-2024-22034)

    Vulnerability from nvd – Published: 2024-10-16 13:46 – Updated: 2024-10-31 13:34
    VLAI
    Title
    Crafted projects can overwrite special files in the .osc config directory
    Summary
    Attackers could place files named like osc's special .osc files (e.g. _apiurl) in the actual package sources. This allows the attacker to change the victim's osc configuration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Desktop 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Module for Development Tools 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Desktop 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Module for Development Tools 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server 12 SP5 Affected: ? , < 0.183.0-15.18.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 12 SP5 Affected: ? , < 0.183.0-15.18.1 (custom)
    SUSE SUSE Linux Enterprise Software Development Kit 12 SP5 Affected: ? , < 0.183.0-15.18.1 (custom)
    SUSE openSUSE Leap 15.5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE openSUSE Leap 15.6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE openSUSE Tumbleweed Affected: ? , < 1.9.0-1.1 (custom)
    Date Public
    2024-08-19 11:42
    Credits
    Daniel Mach of SUSE

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22034",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T14:01:15.655473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:34:34.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Desktop 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Desktop 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server 12 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.183.0-15.18.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.183.0-15.18.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Software Development Kit 12 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.183.0-15.18.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "openSUSE Leap 15.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "openSUSE Leap 15.6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "openSUSE Tumbleweed",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-1.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Mach of SUSE"
            }
          ],
          "datePublic": "2024-08-19T11:42:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim\u003cbr\u003e"
                }
              ],
              "value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-16T13:46:08.416Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Crafted projects can overwrite special files in the .osc config directory",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-22034",
        "datePublished": "2024-10-16T13:46:08.416Z",
        "dateReserved": "2024-01-04T12:38:34.024Z",
        "dateUpdated": "2024-10-31T13:34:34.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32182 (GCVE-0-2023-32182)

    Vulnerability from nvd – Published: 2023-09-19 15:07 – Updated: 2024-09-24 18:55
    VLAI
    Summary
    An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5: before 3.7.3-150500.3.5.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Credits
    Matthias Gerstner of SUSE

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:10:24.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T18:48:27.447903Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T18:55:21.587Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "postfix",
              "product": "SUSE Linux Enterprise Desktop 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.7.3-150500.3.5.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "postfix",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.7.3-150500.3.5.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "postfix",
              "product": "openSUSE Leap 15.5 ",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.7.3-150500.3.5.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.\u003cp\u003eThis issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\u003c/p\u003e"
                }
              ],
              "value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-19T15:07:02.966Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2023-32182",
        "datePublished": "2023-09-19T15:07:02.966Z",
        "dateReserved": "2023-05-04T08:30:59.320Z",
        "dateUpdated": "2024-09-24T18:55:21.587Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22034 (GCVE-0-2024-22034)

    Vulnerability from cvelistv5 – Published: 2024-10-16 13:46 – Updated: 2024-10-31 13:34
    VLAI
    Title
    Crafted projects can overwrite special files in the .osc config directory
    Summary
    Attackers could place files named like osc's special .osc files (e.g. _apiurl) in the actual package sources. This allows the attacker to change the victim's osc configuration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Desktop 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Module for Development Tools 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Desktop 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Module for Development Tools 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server 12 SP5 Affected: ? , < 0.183.0-15.18.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 12 SP5 Affected: ? , < 0.183.0-15.18.1 (custom)
    SUSE SUSE Linux Enterprise Software Development Kit 12 SP5 Affected: ? , < 0.183.0-15.18.1 (custom)
    SUSE openSUSE Leap 15.5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE openSUSE Leap 15.6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE openSUSE Tumbleweed Affected: ? , < 1.9.0-1.1 (custom)
    Date Public
    2024-08-19 11:42
    Credits
    Daniel Mach of SUSE

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22034",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T14:01:15.655473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:34:34.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Desktop 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Desktop 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server 12 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.183.0-15.18.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.183.0-15.18.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Software Development Kit 12 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.183.0-15.18.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "openSUSE Leap 15.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "openSUSE Leap 15.6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "openSUSE Tumbleweed",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-1.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Mach of SUSE"
            }
          ],
          "datePublic": "2024-08-19T11:42:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim\u003cbr\u003e"
                }
              ],
              "value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-16T13:46:08.416Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Crafted projects can overwrite special files in the .osc config directory",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-22034",
        "datePublished": "2024-10-16T13:46:08.416Z",
        "dateReserved": "2024-01-04T12:38:34.024Z",
        "dateUpdated": "2024-10-31T13:34:34.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32182 (GCVE-0-2023-32182)

    Vulnerability from cvelistv5 – Published: 2023-09-19 15:07 – Updated: 2024-09-24 18:55
    VLAI
    Summary
    An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5: before 3.7.3-150500.3.5.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Credits
    Matthias Gerstner of SUSE

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:10:24.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T18:48:27.447903Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T18:55:21.587Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "postfix",
              "product": "SUSE Linux Enterprise Desktop 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.7.3-150500.3.5.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "postfix",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.7.3-150500.3.5.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "postfix",
              "product": "openSUSE Leap 15.5 ",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.7.3-150500.3.5.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.\u003cp\u003eThis issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\u003c/p\u003e"
                }
              ],
              "value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-19T15:07:02.966Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2023-32182",
        "datePublished": "2023-09-19T15:07:02.966Z",
        "dateReserved": "2023-05-04T08:30:59.320Z",
        "dateUpdated": "2024-09-24T18:55:21.587Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }