CVE-2019-3681

Published: 29/06/2020 Updated: 09/07/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

An External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions before 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions before 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions before 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions before 0.169.1-lp151.2.15.1. openSUSE Factory osc versions before 0.169.0.

Vulnerable Product

opensuse osc

Vendor Advisories

Debian Bug report logs - #969999
osc: CVE-2019-3681
Package: src:osc; Maintainer for src:osc is RPM packaging team <team+pkg-rpm@tracker.debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 9 Sep 2020 20:09:01 UTC
Severity: important
Tags: security, upstream
Found in version osc/0.168.2-1 ...