CVE-2014-0593 HIGH

CVE-2014-0593: sed command injection

Vendor Opensuse

Product obs-service-set_version

Weakness CWE-78

Published June 8, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server.

Key dates

02Disclosure timeline

June 8, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2014-0593

Related vulnerabilities

Identifiers

CVE CVE-2014-0593

CWE CWE-78

CVSS 7.8 / HIGH

Affected versions