CVE-2019-18899

CWE-269 — Improper Privilege Management CWE-732 — Incorrect Permission Assignment5 documents5 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 69.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Leap 15.1 Apt-cacher-ng Project Apt-cacher-ng Opensuse Backports

Timeline

PublishedJan 23

Latest updateMay 24

Description

The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5opensuse/leap_15.1apt-cacher-ng — 3.1-lp151.3.3.1

▶NVDapt-cacher-ng_project/apt-cacher-ng< 3.1-lp151.3.3.1

▶NVDopensuse/backportssle-15

🔴Vulnerability Details

GHSA

GHSA-fv3j-23hh-g3xf: The apt-cacher-ng package of openSUSE Leap 15↗2022-05-24

▶

CVEList

apt-cacher-ng insecure use of /run/apt-cacher-ng↗2020-01-23

▶

OSV

CVE-2019-18899: The apt-cacher-ng package of openSUSE Leap 15↗2020-01-23

▶

📋Vendor Advisories

Debian

CVE-2019-18899: apt-cacher-ng - The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned di...↗2019

▶