Published: 24/01/2020 Updated: 27/02/2020

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local malicious users to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions before 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions before 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensuse libzypp

Debian Bug report logs - #953362 libzypp: CVE-2019-18900 Package: src:libzypp; Maintainer for src:libzypp is Mike Gabriel <sunweaver@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 8 Mar 2020 13:54:02 UTC Severity: important Tags: security, upstream Found in version libzypp/1770-1 ...

CWE-276 https://bugzilla.suse.com/show_bug.cgi?id=1158763 http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00036.html https://lists.debian.org/debian-lts-announce/2020/03/msg00005.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953362 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-18900

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect