CVE-2019-3681

A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .
References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1122675 Exploit Issue Tracking Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:opensuse:osc:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:opensuse:osc:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:opensuse:osc:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp4:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:opensuse:osc:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:opensuse:osc:*:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*

Information

Published : 2020-06-29 05:15

Updated : 2020-07-09 11:06


NVD link : CVE-2019-3681

Mitre link : CVE-2019-3681


JSON object : View

CWE
CWE-73

External Control of File Name or Path

Advertisement

dedicated server usa

Products Affected

suse

  • linux_enterprise_software_development_kit
  • linux_enterprise_server

opensuse

  • osc
  • leap
  • factory