CVE-2018-15912

Published: Aug 29, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system.

Affected (1)

Products: Manjaro: Manjaro Linux

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Manjaro Manjaro Linux	Up to 20180716-1

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://gitlab.manjaro.org/packages/core/manjaro-system/commit/8208b8a

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.manjaro.org/pipermail/manjaro-security/2018-August/000785.html

Source: cve@mitre.org

ExploitMailing ListVendor Advisory

https://gitlab.manjaro.org/packages/core/manjaro-system/commit/8208b8a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.manjaro.org/pipermail/manjaro-security/2018-August/000785.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListVendor Advisory

Timeline

No history available yet.