CVE-2019-3681

osc: stores downloaded (supposed) RPM in network-controlled filesystem paths

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

1.6%

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .

Una vulnerabilidad de Control Externo de Nombre de Archivo o Ruta en osc de SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory, permitió a atacantes remotos que pueden cambiar los paquetes descargados para sobrescribir archivos arbitrarios. Este problema afecta: osc de SUSE Linux Enterprise Module for Development Tools 15 versiones anteriores a 0.169.1-3.20.1. osc de SUSE Linux Enterprise Software Development Kit 12-SP5 versiones anteriores a 0.162.1-15.9.1. osc de SUSE Linux Enterprise Software Development Kit 12-SP4 versiones anteriores a 0.162.1-15.9.1. osc de openSUSE Leap 15.1 versiones anteriores a 0.169.1-lp151.2.15.1. osc de openSUSE Factory versiones anteriores a 0.169.0

*Credits: Malte Kraus of SUSE

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-01-03 CVE Reserved
2020-06-29 CVE Published
2024-09-17 CVE Updated
2024-09-17 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-73: External Control of File Name or Path

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://bugzilla.suse.com/show_bug.cgi?id=1122675	2024-09-17

1 - 1 of 1

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions (5)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Opensuse Search vendor "Opensuse"	Osc Search vendor "Opensuse" for product "Osc"	< 0.169.1-3.20.1 Search vendor "Opensuse" for product "Osc" and version " < 0.169.1-3.20.1"	-	Affected	in	Suse Search vendor "Suse"	Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"	15 Search vendor "Suse" for product "Linux Enterprise Server" and version "15"	-	Safe
Opensuse Search vendor "Opensuse"	Osc Search vendor "Opensuse" for product "Osc"	< 0.162.1-15.9.1 Search vendor "Opensuse" for product "Osc" and version " < 0.162.1-15.9.1"	-	Affected	in	Suse Search vendor "Suse"	Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit"	12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"	sp5	Safe
Opensuse Search vendor "Opensuse"	Osc Search vendor "Opensuse" for product "Osc"	< 0.162.1-15.9.1 Search vendor "Opensuse" for product "Osc" and version " < 0.162.1-15.9.1"	-	Affected	in	Suse Search vendor "Suse"	Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit"	12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"	sp4	Safe
Opensuse Search vendor "Opensuse"	Osc Search vendor "Opensuse" for product "Osc"	< 0.169.1-lp151.2.15.1 Search vendor "Opensuse" for product "Osc" and version " < 0.169.1-lp151.2.15.1"	-	Affected	in	Opensuse Search vendor "Opensuse"	Leap Search vendor "Opensuse" for product "Leap"	15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"	-	Safe
Opensuse Search vendor "Opensuse"	Osc Search vendor "Opensuse" for product "Osc"	< 0.169.0 Search vendor "Opensuse" for product "Osc" and version " < 0.169.0"	-	Affected	in	Opensuse Search vendor "Opensuse"	Factory Search vendor "Opensuse" for product "Factory"	-	-	Safe

1 - 5 of 5