
    8 vulnerabilities found for openSUSE Leap 15.5 by SUSE

    CVE-2024-22034 (GCVE-0-2024-22034)

    Vulnerability from nvd – Published: 2024-10-16 13:46 – Updated: 2024-10-31 13:34
    VLAI
    Title
    Crafted projects can overwrite special files in the .osc config directory
    Summary
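    Attackers could place the special files that belong in .osc (e.g. _apiurl) into the actual package sources. This allows the attacker to change the victim's osc configuration. Per the record's CVSS vector (AV:L, UI:R), the victim has to work with the crafted package sources locally for this to take effect.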
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Desktop 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Module for Development Tools 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Desktop 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Module for Development Tools 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server 12 SP5 Affected: ? , < 0.183.0-15.18.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 12 SP5 Affected: ? , < 0.183.0-15.18.1 (custom)
    SUSE SUSE Linux Enterprise Software Development Kit 12 SP5 Affected: ? , < 0.183.0-15.18.1 (custom)
    SUSE openSUSE Leap 15.5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE openSUSE Leap 15.6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE openSUSE Tumbleweed Affected: ? , < 1.9.0-1.1 (custom)
    Date Public
    2024-08-19 11:42
    Credits
    Daniel Mach of SUSE

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22034",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T14:01:15.655473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:34:34.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Desktop 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Desktop 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server 12 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.183.0-15.18.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.183.0-15.18.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Software Development Kit 12 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.183.0-15.18.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "openSUSE Leap 15.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "openSUSE Leap 15.6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "openSUSE Tumbleweed",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-1.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Mach of SUSE"
            }
          ],
          "datePublic": "2024-08-19T11:42:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim\u003cbr\u003e"
                }
              ],
              "value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-16T13:46:08.416Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Crafted projects can overwrite special files in the .osc config directory",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-22034",
        "datePublished": "2024-10-16T13:46:08.416Z",
        "dateReserved": "2024-01-04T12:38:34.024Z",
        "dateUpdated": "2024-10-31T13:34:34.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22033 (GCVE-0-2024-22033)

    Vulnerability from nvd – Published: 2024-10-16 13:42 – Updated: 2024-10-16 14:07
    VLAI
    Title
    obs-service-download_url is vulnerable to argument injection
    Summary
    The OBS service obs-service-download_url was vulnerable to command injection (classified as CWE-78; the record's title describes it as argument injection). An attacker could provide a configuration to the service that allowed commands to be executed in later steps.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    SUSE SUSE Package Hub 15 SP5 Affected: ? , < 0.2.1-bp155.3.3.1 (custom)
    SUSE SUSE Package Hub 15 SP6 Affected: ? , < 0.2.1-bp156.2.3.1 (custom)
    SUSE openSUSE Leap 15.5 Affected: ? , < 0.2.1-bp155.3.3.1 (custom)
    SUSE openSUSE Leap 15.6 Affected: ? , < 0.2.1-bp156.2.3.1 (custom)
    SUSE openSUSE Tumbleweed Affected: ? , < 0.2.1-1.1 (custom)
    Date Public
    2024-07-11 14:21
    Credits
    Maxime Rinaudo

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T14:07:38.141746Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-16T14:07:57.318Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "obs-service-download_url",
              "product": "SUSE Package Hub 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.2.1-bp155.3.3.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "obs-service-download_url",
              "product": "SUSE Package Hub 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.2.1-bp156.2.3.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "obs-service-download_url",
              "product": "openSUSE Leap 15.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.2.1-bp155.3.3.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "obs-service-download_url",
              "product": "openSUSE Leap 15.6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.2.1-bp156.2.3.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "obs-service-download_url",
              "product": "openSUSE Tumbleweed",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.2.1-1.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Maxime Rinaudo"
            }
          ],
          "datePublic": "2024-07-11T14:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps\u003cbr\u003e"
                }
              ],
              "value": "The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-16T13:42:46.559Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22033"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "obs-service-download_url is vulnerable to argument injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-22033",
        "datePublished": "2024-10-16T13:42:46.559Z",
        "dateReserved": "2024-01-04T12:38:34.024Z",
        "dateUpdated": "2024-10-16T14:07:57.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22029 (GCVE-0-2024-22029)

    Vulnerability from nvd – Published: 2024-10-16 13:20 – Updated: 2025-08-26 20:18
    VLAI
    Title
    tomcat packaging allows for escalation to root from tomcat user
    Summary
    Insecure permissions in the packaging of tomcat allow local users (per the title, the tomcat user) who win a race during package installation to escalate to root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    SUSE Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Enterprise Storage 7.1 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Module for Web and Scripting 15 SP5 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP5 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP5 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP6 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Module for Web and Scripting 15 SP6 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP6 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP6 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP2-LTSS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP3-LTSS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP4-LTSS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP2 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP3 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP4 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Manager Server 4.3 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE openSUSE Leap 15.5 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE openSUSE Tumbleweed Affected: ? , < 9.0.85-3.1 (custom)
    Date Public
    2024-02-14 14:59
    Credits
    Johannes Segitz of SUSE

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22029",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T14:33:12.827088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T20:18:11.916Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Enterprise Storage 7.1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server 15 SP2-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server 15 SP3-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Manager Server 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "openSUSE Leap 15.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "openSUSE Tumbleweed",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-3.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Johannes Segitz of SUSE"
            }
          ],
          "datePublic": "2024-02-14T14:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-16T13:20:47.698Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22029"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "tomcat packaging allows for escalation to root from tomcat user",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-22029",
        "datePublished": "2024-10-16T13:20:47.698Z",
        "dateReserved": "2024-01-04T12:38:34.023Z",
        "dateUpdated": "2025-08-26T20:18:11.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32182 (GCVE-0-2023-32182)

    Vulnerability from nvd – Published: 2023-09-19 15:07 – Updated: 2024-09-24 18:55
    VLAI
    Summary
    An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5: before 3.7.3-150500.3.5.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Credits
    Matthias Gerstner of SUSE

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:10:24.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T18:48:27.447903Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T18:55:21.587Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "postfix",
              "product": "SUSE Linux Enterprise Desktop 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.7.3-150500.3.5.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "postfix",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.7.3-150500.3.5.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "postfix",
              "product": "openSUSE Leap 15.5 ",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.7.3-150500.3.5.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.\u003cp\u003eThis issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\u003c/p\u003e"
                }
              ],
              "value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-19T15:07:02.966Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2023-32182",
        "datePublished": "2023-09-19T15:07:02.966Z",
        "dateReserved": "2023-05-04T08:30:59.320Z",
        "dateUpdated": "2024-09-24T18:55:21.587Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22034 (GCVE-0-2024-22034)

    Vulnerability from cvelistv5 – Published: 2024-10-16 13:46 – Updated: 2024-10-31 13:34
    VLAI
    Title
    Crafted projects can overwrite special files in the .osc config directory
    Summary
    Attackers could put the special files from .osc (e.g. _apiurl) into the actual package sources. This allows the attacker to change the configuration of osc for the victim.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Desktop 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Module for Development Tools 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Desktop 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Module for Development Tools 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE SUSE Linux Enterprise Server 12 SP5 Affected: ? , < 0.183.0-15.18.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 12 SP5 Affected: ? , < 0.183.0-15.18.1 (custom)
    SUSE SUSE Linux Enterprise Software Development Kit 12 SP5 Affected: ? , < 0.183.0-15.18.1 (custom)
    SUSE openSUSE Leap 15.5 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE openSUSE Leap 15.6 Affected: ? , < 1.9.0-150400.10.6.1 (custom)
    SUSE openSUSE Tumbleweed Affected: ? , < 1.9.0-1.1 (custom)
    Date Public
    2024-08-19 11:42
    Credits
    Daniel Mach of SUSE

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22034",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T14:01:15.655473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:34:34.435Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Desktop 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Desktop 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server 12 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.183.0-15.18.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.183.0-15.18.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "SUSE Linux Enterprise Software Development Kit 12 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.183.0-15.18.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "openSUSE Leap 15.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "openSUSE Leap 15.6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-150400.10.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "osc",
              "product": "openSUSE Tumbleweed",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.0-1.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Daniel Mach of SUSE"
            }
          ],
          "datePublic": "2024-08-19T11:42:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim\u003cbr\u003e"
                }
              ],
              "value": "Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-16T13:46:08.416Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Crafted projects can overwrite special files in the .osc config directory",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-22034",
        "datePublished": "2024-10-16T13:46:08.416Z",
        "dateReserved": "2024-01-04T12:38:34.024Z",
        "dateUpdated": "2024-10-31T13:34:34.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22033 (GCVE-0-2024-22033)

    Vulnerability from cvelistv5 – Published: 2024-10-16 13:42 – Updated: 2024-10-16 14:07
    VLAI
    Title
    obs-service-download_url is vulnerable to argument injection
    Summary
    The OBS service obs-service-download_url was vulnerable to command injection. An attacker could provide a configuration to the service that allowed commands to be executed in later steps.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    SUSE SUSE Package Hub 15 SP5 Affected: ? , < 0.2.1-bp155.3.3.1 (custom)
    SUSE SUSE Package Hub 15 SP6 Affected: ? , < 0.2.1-bp156.2.3.1 (custom)
    SUSE openSUSE Leap 15.5 Affected: ? , < 0.2.1-bp155.3.3.1 (custom)
    SUSE openSUSE Leap 15.6 Affected: ? , < 0.2.1-bp156.2.3.1 (custom)
    SUSE openSUSE Tumbleweed Affected: ? , < 0.2.1-1.1 (custom)
    Date Public
    2024-07-11 14:21
    Credits
    Maxime Rinaudo

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T14:07:38.141746Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-16T14:07:57.318Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "obs-service-download_url",
              "product": "SUSE Package Hub 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.2.1-bp155.3.3.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "obs-service-download_url",
              "product": "SUSE Package Hub 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.2.1-bp156.2.3.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "obs-service-download_url",
              "product": "openSUSE Leap 15.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.2.1-bp155.3.3.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "obs-service-download_url",
              "product": "openSUSE Leap 15.6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.2.1-bp156.2.3.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "obs-service-download_url",
              "product": "openSUSE Tumbleweed",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.2.1-1.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Maxime Rinaudo"
            }
          ],
          "datePublic": "2024-07-11T14:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps\u003cbr\u003e"
                }
              ],
              "value": "The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-16T13:42:46.559Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22033"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "obs-service-download_url is vulnerable to argument injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-22033",
        "datePublished": "2024-10-16T13:42:46.559Z",
        "dateReserved": "2024-01-04T12:38:34.024Z",
        "dateUpdated": "2024-10-16T14:07:57.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22029 (GCVE-0-2024-22029)

    Vulnerability from cvelistv5 – Published: 2024-10-16 13:20 – Updated: 2025-08-26 20:18
    VLAI
    Title
    tomcat packaging allows for escalation to root from tomcat user
    Summary
    Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    Impacted products
    Vendor Product Version
    SUSE Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Enterprise Storage 7.1 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Module for Web and Scripting 15 SP5 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP5 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP5 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP6 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Module for Web and Scripting 15 SP6 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP6 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP6 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP2-LTSS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP3-LTSS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server 15 SP4-LTSS Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP2 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP3 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP4 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE SUSE Manager Server 4.3 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE openSUSE Leap 15.5 Affected: ? , < 9.0.85-150200.57.1 (custom)
    SUSE openSUSE Tumbleweed Affected: ? , < 9.0.85-3.1 (custom)
    Date Public
    2024-02-14 14:59
    Credits
    Johannes Segitz of SUSE

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22029",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-16T14:33:12.827088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T20:18:11.916Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Enterprise Storage 7.1",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Module for Web and Scripting 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server 15 SP2-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server 15 SP3-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "SUSE Manager Server 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "openSUSE Leap 15.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-150200.57.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "tomcat",
              "product": "openSUSE Tumbleweed",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0.85-3.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Johannes Segitz of SUSE"
            }
          ],
          "datePublic": "2024-02-14T14:59:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-16T13:20:47.698Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22029"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "tomcat packaging allows for escalation to root from tomcat user",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2024-22029",
        "datePublished": "2024-10-16T13:20:47.698Z",
        "dateReserved": "2024-01-04T12:38:34.023Z",
        "dateUpdated": "2025-08-26T20:18:11.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32182 (GCVE-0-2023-32182)

    Vulnerability from cvelistv5 – Published: 2023-09-19 15:07 – Updated: 2024-09-24 18:55
    VLAI
    Summary
    An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5: before 3.7.3-150500.3.5.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Credits
    Matthias Gerstner of SUSE

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:10:24.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32182",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T18:48:27.447903Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T18:55:21.587Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "postfix",
              "product": "SUSE Linux Enterprise Desktop 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.7.3-150500.3.5.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "postfix",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.7.3-150500.3.5.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "postfix",
              "product": "openSUSE Leap 15.5 ",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "3.7.3-150500.3.5.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.\u003cp\u003eThis issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\u003c/p\u003e"
                }
              ],
              "value": "A Improper Link Resolution Before File Access (\u0027Link Following\u0027) vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-19T15:07:02.966Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32182"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2023-32182",
        "datePublished": "2023-09-19T15:07:02.966Z",
        "dateReserved": "2023-05-04T08:30:59.320Z",
        "dateUpdated": "2024-09-24T18:55:21.587Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }