4 vulnerabilities found for SUSE Linux Enterprise Desktop 15 SP5 by SUSE
CVE-2024-22034 (GCVE-0-2024-22034)
Vulnerability from nvd – Published: 2024-10-16 13:46 – Updated: 2024-10-31 13:34
VLAI
Title
Crafted projects can overwrite special files in the .osc config directory
Summary
Attackers could ship the special files that belong in .osc (e.g. _apiurl) inside the actual package sources. This allows the attacker to change the victim's osc configuration.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Desktop 15 SP5 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP5 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Module for Development Tools 15 SP5 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Server 15 SP5 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Desktop 15 SP6 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP6 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Module for Development Tools 15 SP6 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Server 15 SP6 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Server 12 SP5 | Affected: ? , < 0.183.0-15.18.1 (custom) | |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Affected: ? , < 0.183.0-15.18.1 (custom) | |
| SUSE | SUSE Linux Enterprise Software Development Kit 12 SP5 | Affected: ? , < 0.183.0-15.18.1 (custom) | |
| SUSE | openSUSE Leap 15.5 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | openSUSE Leap 15.6 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | openSUSE Tumbleweed | Affected: ? , < 1.9.0-1.1 (custom) | |
Date Public
2024-08-19 11:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:01:15.655473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T13:34:34.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Desktop 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Server 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Desktop 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Server 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Server 12 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.183.0-15.18.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.183.0-15.18.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.183.0-15.18.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "openSUSE Leap 15.5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "openSUSE Leap 15.6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "openSUSE Tumbleweed",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-1.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Mach of SUSE"
}
],
"datePublic": "2024-08-19T11:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim\u003cbr\u003e"
}
],
"value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T13:46:08.416Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Crafted projects can overwrite special files in the .osc config directory",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-22034",
"datePublished": "2024-10-16T13:46:08.416Z",
"dateReserved": "2024-01-04T12:38:34.024Z",
"dateUpdated": "2024-10-31T13:34:34.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32182 (GCVE-0-2023-32182)
Vulnerability from nvd – Published: 2023-09-19 15:07 – Updated: 2024-09-24 18:55
VLAI
Summary
An Improper Link Resolution Before File Access ('Link Following') vulnerability in the postfix package of SUSE Linux Enterprise Desktop 15 SP5, SUSE Linux Enterprise High Performance Computing 15 SP5 and openSUSE Leap 15.5. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5: before 3.7.3-150500.3.5.1.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Desktop 15 SP5 | Affected: ? , < 3.7.3-150500.3.5.1 (custom) | |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP5 | Affected: ? , < 3.7.3-150500.3.5.1 (custom) | |
| SUSE | openSUSE Leap 15.5 | Affected: ? , < 3.7.3-150500.3.5.1 (custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:48:27.447903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:55:21.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "postfix",
"product": "SUSE Linux Enterprise Desktop 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "3.7.3-150500.3.5.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "postfix",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "3.7.3-150500.3.5.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "postfix",
"product": "openSUSE Leap 15.5 ",
"vendor": "SUSE",
"versions": [
{
"lessThan": "3.7.3-150500.3.5.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Matthias Gerstner of SUSE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.\u003cp\u003eThis issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\u003c/p\u003e"
}
],
"value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T15:07:02.966Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2023-32182",
"datePublished": "2023-09-19T15:07:02.966Z",
"dateReserved": "2023-05-04T08:30:59.320Z",
"dateUpdated": "2024-09-24T18:55:21.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22034 (GCVE-0-2024-22034)
Vulnerability from cvelistv5 – Published: 2024-10-16 13:46 – Updated: 2024-10-31 13:34
VLAI
Title
Crafted projects can overwrite special files in the .osc config directory
Summary
Attackers could ship the special files that belong in .osc (e.g. _apiurl) inside the actual package sources. This allows the attacker to change the victim's osc configuration.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Desktop 15 SP5 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP5 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Module for Development Tools 15 SP5 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Server 15 SP5 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Desktop 15 SP6 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP6 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Module for Development Tools 15 SP6 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Server 15 SP6 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | SUSE Linux Enterprise Server 12 SP5 | Affected: ? , < 0.183.0-15.18.1 (custom) | |
| SUSE | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | Affected: ? , < 0.183.0-15.18.1 (custom) | |
| SUSE | SUSE Linux Enterprise Software Development Kit 12 SP5 | Affected: ? , < 0.183.0-15.18.1 (custom) | |
| SUSE | openSUSE Leap 15.5 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | openSUSE Leap 15.6 | Affected: ? , < 1.9.0-150400.10.6.1 (custom) | |
| SUSE | openSUSE Tumbleweed | Affected: ? , < 1.9.0-1.1 (custom) | |
Date Public
2024-08-19 11:42
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:01:15.655473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T13:34:34.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Desktop 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Server 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Desktop 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Server 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Server 12 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.183.0-15.18.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.183.0-15.18.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.183.0-15.18.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "openSUSE Leap 15.5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "openSUSE Leap 15.6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-150400.10.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "osc",
"product": "openSUSE Tumbleweed",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.0-1.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Mach of SUSE"
}
],
"datePublic": "2024-08-19T11:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim\u003cbr\u003e"
}
],
"value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T13:46:08.416Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Crafted projects can overwrite special files in the .osc config directory",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2024-22034",
"datePublished": "2024-10-16T13:46:08.416Z",
"dateReserved": "2024-01-04T12:38:34.024Z",
"dateUpdated": "2024-10-31T13:34:34.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32182 (GCVE-0-2023-32182)
Vulnerability from cvelistv5 – Published: 2023-09-19 15:07 – Updated: 2024-09-24 18:55
VLAI
Summary
An Improper Link Resolution Before File Access ('Link Following') vulnerability in the postfix package of SUSE Linux Enterprise Desktop 15 SP5, SUSE Linux Enterprise High Performance Computing 15 SP5 and openSUSE Leap 15.5. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5: before 3.7.3-150500.3.5.1.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Desktop 15 SP5 | Affected: ? , < 3.7.3-150500.3.5.1 (custom) | |
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP5 | Affected: ? , < 3.7.3-150500.3.5.1 (custom) | |
| SUSE | openSUSE Leap 15.5 | Affected: ? , < 3.7.3-150500.3.5.1 (custom) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:48:27.447903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:55:21.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "postfix",
"product": "SUSE Linux Enterprise Desktop 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "3.7.3-150500.3.5.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "postfix",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "3.7.3-150500.3.5.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "postfix",
"product": "openSUSE Leap 15.5 ",
"vendor": "SUSE",
"versions": [
{
"lessThan": "3.7.3-150500.3.5.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Matthias Gerstner of SUSE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.\u003cp\u003eThis issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\u003c/p\u003e"
}
],
"value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T15:07:02.966Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2023-32182",
"datePublished": "2023-09-19T15:07:02.966Z",
"dateReserved": "2023-05-04T08:30:59.320Z",
"dateUpdated": "2024-09-24T18:55:21.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}