CVE-2011-4195

3 documents3 sources

Severity

7.5HIGH

EPSS

1.3%

top 20.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Kiwi Suse Studio Extension FOR System Z Suse Studio Onsite

Timeline

PublishedApr 16

Latest updateMay 17

Description

kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDsuse/studio_onsite1.2

▶NVDsuse/studio_extension1.2

▶NVDsuse/kiwi4.98.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-v8hw-r5fq-fv9v: kiwi before 4↗2022-05-17

▶

CVEList

CVE-2011-4195: kiwi before 4↗2014-04-16

▶