CVE-2011-3180 — Kiwi vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 18.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Kiwi Suse Studio Extension FOR System Z Suse Studio Onsite

Timeline

PublishedApr 16

Latest updateMay 17

Description

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDsuse/studio_onsite1.2

▶NVDsuse/studio_extension1.2

▶NVDsuse/kiwi4.98.07

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-vq3j-4cjf-gfwg: kiwi before 4↗2022-05-17

▶

CVEList

CVE-2011-3180: kiwi before 4↗2014-04-16

▶