CVE-2019-18899 MEDIUM

CVE-2019-18899: apt-cacher-ng insecure use of /run/apt-cacher-ng

Vendor Opensuse
Product Leap 15.1
Weakness CWE-269
Published January 23, 2020
Last update September 17, 2024

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.

Key dates

02Disclosure timeline

January 23, 2020 CVE published
September 17, 2024 Record updated