CVE-2024-22034 MEDIUM

CVE-2024-22034: Crafted projects can overwrite special files in the .osc config directory

Vendor SUSE
Product SUSE Linux Enterprise Desktop 15 SP5
Published October 16, 2024
Last update October 31, 2024

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

Attackers could put files named like the special files in .osc (e.g. _apiurl) into the actual package sources. This allows the attacker to change the configuration of osc for the victim.

Key dates

02 Disclosure timeline

October 16, 2024 CVE published
October 31, 2024 Record updated