CVE-2023-22643
libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3 and openSUSE Leap 15.4 allows attackers who can trick users into using specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426; openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.
*Credits:
Matthias Gerstner of SUSE
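The pattern behind this advisory, shown as an added illustration that is not code from libzypp-plugin-appdata: a repository setting interpolated into a shell string (the `os.system` shape, reproduced here with `subprocess.run(shell=True)`) beside the argv-list form that passes the same value as a single argument. The alias value, the metadata path and the `echo` stand-in command are constructed for the demonstration.

```python
import re
import shlex
import subprocess

# Constructed sample settings: an alias carrying shell metacharacters, standing
# in for the crafted REPO_ALIAS value the advisory describes (not a real repo).
CRAFTED_ALIAS = "demo-repo; echo INJECTED"
METADATA_PATH = "/var/cache/zypp/raw/demo-repo"   # hypothetical path


def run_unsafe(alias: str, path: str) -> str:
    """Vulnerable shape: settings formatted into one shell command line.
    shell=True behaves like os.system() here, so the ';' inside the alias
    terminates the intended command and starts a second one."""
    cmd = f"echo processing {alias} {path}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe(alias: str, path: str) -> str:
    """Hardened shape: an argv list and no shell. The alias reaches the child
    process as exactly one argument, whatever characters it contains."""
    argv = ["echo", "processing", alias, path]
    return subprocess.run(argv, capture_output=True, text=True).stdout


# Defence in depth: a conservative character set for aliases, checked before
# the value is used in any command at all (assumed policy, not libzypp's own).
ALIAS_RE = re.compile(r"[A-Za-z0-9._-]+")


def alias_is_acceptable(alias: str) -> bool:
    return ALIAS_RE.fullmatch(alias) is not None


def quoted_for_shell(alias: str) -> str:
    """Where a shell string is unavoidable, shlex.quote() renders the value
    as a single-quoted literal so the shell cannot reinterpret it."""
    return shlex.quote(alias)


if __name__ == "__main__":
    print("unsafe:", repr(run_unsafe(CRAFTED_ALIAS, METADATA_PATH)))
    print("safe:  ", repr(run_safe(CRAFTED_ALIAS, METADATA_PATH)))
    print("acceptable alias?", alias_is_acceptable(CRAFTED_ALIAS))
```

Run on Linux; the unsafe call prints two lines (the second produced by the injected command) while the safe call prints the alias verbatim on one line.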
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-01-05 CVE Reserved
- 2023-02-07 CVE Published
- 2025-03-25 CVE Updated
- 2025-03-25 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
URL | Date | Source |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1206836 | 2025-03-25 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Opensuse | Libzypp-plugin-appdata | < 1.0.1+git.20180426 | - | Affected | in | Opensuse | Leap | 15.4 | - | Safe |
Opensuse | Libzypp-plugin-appdata | < 1.0.1+git.20180426 | - | Affected | in | Suse | Suse Linux Enterprise Server | 15 | sp3, sap | Safe |