CVE-2019-3681
Published: Jun 29, 2020
Modified: Sep 17, 2024
CVSS v3.1
7.5
Description
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .
| Vendor | Product | Versions |
|---|---|---|
SUSE | SUSE Linux Enterprise Module for Development Tools 15 | affected osc - < 0.169.1-3.20.1 |
SUSE | SUSE Linux Enterprise Software Development Kit 12-SP5 | affected osc - < 0.162.1-15.9.1 |
SUSE | SUSE Linux Enterprise Software Development Kit 12-SP4 | affected osc - < 0.162.1-15.9.1 |
openSUSE | openSUSE Leap 15.1 | affected osc - < 0.169.1-lp151.2.15.1 |
openSUSE | openSUSE Factory | affected osc - < 0.169.0 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now