CVE-2024-22034

5 documents5 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 94.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Opensuse Leap 15.5 Suse Opensuse Leap 15.6 Suse Opensuse Tumbleweed +13 more

Timeline

PublishedOct 16

Description

Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages17 packages

▶CVEListV5suse/opensuse_leap_15.5? — 1.9.0-150400.10.6.1

▶CVEListV5suse/opensuse_leap_15.6? — 1.9.0-150400.10.6.1

▶CVEListV5suse/opensuse_tumbleweed? — 1.9.0-1.1

▶CVEListV5suse/suse_linux_enterprise_server_12_sp5? — 0.183.0-15.18.1

▶CVEListV5suse/suse_linux_enterprise_server_15_sp5? — 1.9.0-150400.10.6.1

🔴Vulnerability Details

OSV

CVE-2024-22034: Attackers could put the special files in↗2024-10-16

▶

GHSA

GHSA-gm3v-m2w5-wm38: Attackers could put the special files in↗2024-10-16

▶

CVEList

Crafted projects can overwrite special files in the .osc config directory↗2024-10-16

▶

📋Vendor Advisories

Debian

CVE-2024-22034: osc - Attackers could put the special files in .osc into the actual package sources (e...↗2024

▶