CVE-2019-18899

Published: Jan 23, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.

Affected (2)

Products: Apt Cacher Ng Project: Apt Cacher Ng · Opensuse: Backports

Apt Cacher Ng Project

1 product

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apt Cacher Ng Project Apt Cacher Ng	Before 3.1-lp151.3.3.1

Running on/with	Platform Versions
Opensuse Leap	Version 15.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Backports	Version sle-15 sp1

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html

Source: meissner@suse.de

Mailing ListVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html

Source: meissner@suse.de

Mailing ListVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1157703

Source: meissner@suse.de

Issue TrackingVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1157703

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.