CVE-2024-22034
published 2024-10-16CVE-2024-22034: Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNIHAN
Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | osc | < osc 1.9.0-1 (forky) | osc 1.9.0-1 (forky) |
| opensuse | osc | >= 0 < 1.9.0-1 | 1.9.0-1 |
| opensuse | osc | >= 0 < 1.9.0-1 | 1.9.0-1 |
| suse | opensuse_leap_15.5 | >= ? < 1.9.0-150400.10.6.1 | 1.9.0-150400.10.6.1 |
| suse | opensuse_leap_15.6 | >= ? < 1.9.0-150400.10.6.1 | 1.9.0-150400.10.6.1 |
| suse | opensuse_tumbleweed | >= ? < 1.9.0-1.1 | 1.9.0-1.1 |
| suse | suse_linux_enterprise_desktop_15_sp5 | >= ? < 1.9.0-150400.10.6.1 | 1.9.0-150400.10.6.1 |
| suse | suse_linux_enterprise_desktop_15_sp6 | >= ? < 1.9.0-150400.10.6.1 | 1.9.0-150400.10.6.1 |
| suse | suse_linux_enterprise_high_performance_computing_15_sp5 | >= ? < 1.9.0-150400.10.6.1 | 1.9.0-150400.10.6.1 |
| suse | suse_linux_enterprise_high_performance_computing_15_sp6 | >= ? < 1.9.0-150400.10.6.1 | 1.9.0-150400.10.6.1 |
| suse | suse_linux_enterprise_module_for_development_tools_15_sp5 | >= ? < 1.9.0-150400.10.6.1 | 1.9.0-150400.10.6.1 |
| suse | suse_linux_enterprise_module_for_development_tools_15_sp6 | >= ? < 1.9.0-150400.10.6.1 | 1.9.0-150400.10.6.1 |
| suse | suse_linux_enterprise_server_12_sp5 | >= ? < 0.183.0-15.18.1 | 0.183.0-15.18.1 |
| suse | suse_linux_enterprise_server_15_sp5 | >= ? < 1.9.0-150400.10.6.1 | 1.9.0-150400.10.6.1 |
| suse | suse_linux_enterprise_server_15_sp6 | >= ? < 1.9.0-150400.10.6.1 | 1.9.0-150400.10.6.1 |
| suse | suse_linux_enterprise_server_for_sap_applications_12_sp5 | >= ? < 0.183.0-15.18.1 | 0.183.0-15.18.1 |
| suse | suse_linux_enterprise_server_for_sap_applications_15_sp5 | >= ? < 1.9.0-150400.10.6.1 | 1.9.0-150400.10.6.1 |
| suse | suse_linux_enterprise_server_for_sap_applications_15_sp6 | >= ? < 1.9.0-150400.10.6.1 | 1.9.0-150400.10.6.1 |
| suse | suse_linux_enterprise_software_development_kit_12_sp5 | >= ? < 0.183.0-15.18.1 | 0.183.0-15.18.1 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
osv5.5MEDIUM