Vulnerability Details CVE-2019-3681
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 6.4
References
Products affected by CVE-2019-3681
-
cpe:2.3:a:opensuse:factory:-
-
cpe:2.3:a:opensuse:osc:*
-
cpe:2.3:a:opensuse:osc:0.162.1-15.9.1
-
cpe:2.3:a:opensuse:osc:0.169.0
-
cpe:2.3:a:opensuse:osc:0.169.1-3.20.1
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:suse:linux_enterprise_server:15
-
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12