PT-2023-1560 · Suse · Libzypp-Plugin-Appdata+1

Matthias Gerstner · Published 2023-01-04 · Updated 2023-02-14 · CVE-2023-22643

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- SUSE Linux Enterprise Server for SAP 15-SP3: libzypp-plugin-appdata versions prior to 1.0.1+git.20180426
- openSUSE Leap 15.4: libzypp-plugin-appdata versions prior to 1.0.1+git.20180426

Description

The issue is an Improper Neutralization of Special Elements used in an OS Command, also known as 'OS Command Injection' (CWE-78). libzypp-plugin-appdata is executed by libzypp, which runs as root during package management, and it builds an OS command from the repository's REPO ALIAS, REPO TYPE, and REPO METADATA PATH settings without neutralizing shell metacharacters. An attacker who can trick a user into adding a repository definition with specially crafted values in any of these settings therefore gets arbitrary commands executed as root. No privileges are needed beforehand, but user interaction is required (PR:N and UI:R in the vector).

Recommendations

- For SUSE Linux Enterprise Server for SAP 15-SP3 with libzypp-plugin-appdata versions prior to 1.0.1+git.20180426, update to version 1.0.1+git.20180426 or later.
- For openSUSE Leap 15.4 with libzypp-plugin-appdata versions prior to 1.0.1+git.20180426, update to version 1.0.1+git.20180426 or later.
- As a temporary workaround until the update is installed, do not add repository definitions (.repo files or zypper addrepo arguments) from untrusted sources, and check that the alias, type, and metadata path of every configured repository contain only plain alphanumeric and path characters and no shell metacharacters such as ;, |, &, $, backticks or quotes.
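The vulnerable pattern the description refers to, next to two hardened forms and the interim check the workaround calls for, as an added illustrative example. This is not the libzypp-plugin-appdata source or the SUSE fix: the real plugin's command line and the tool it calls are not shown on this page, so a stand-in tool (a Python one-liner that echoes its argv) and the option names --origin, --type and --path are assumptions chosen only to make the shell's tokenization visible; the allow-list regex is likewise an assumption, not a libzypp rule.

```python
"""Illustrative reconstruction of the OS command injection pattern behind
CVE-2023-22643 and two hardened forms. Not the libzypp-plugin-appdata code."""
import re
import shlex
import subprocess
import sys

# Stand-in for the real metadata tool (assumption): a Python one-liner that
# prints every argument it received on its own line, so the returned list
# shows exactly how the shell tokenised the command.
TOOL_ARGV = [sys.executable, "-c", "import sys; print(*sys.argv[1:], sep=chr(10))"]


def run_unsafe(alias, repo_type, metadata_path):
    """Vulnerable pattern: repository settings spliced into one shell string.
    A ';', '|', '&' or '$(...)' in any setting is interpreted by the shell as a
    second command, running with the caller's privileges (root under zypper)."""
    cmd = " ".join(shlex.quote(a) for a in TOOL_ARGV)
    cmd += f" --origin={alias} --type={repo_type} --path={metadata_path}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout.splitlines()


def run_safe_argv(alias, repo_type, metadata_path):
    """Hardened form 1: pass an argv list and never involve a shell. Each
    setting reaches the tool as a single literal argument, metacharacters
    included, so there is nothing to inject into."""
    argv = TOOL_ARGV + [
        f"--origin={alias}",
        f"--type={repo_type}",
        f"--path={metadata_path}",
    ]
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.stdout.splitlines()


def run_safe_quoted(alias, repo_type, metadata_path):
    """Hardened form 2, for when a shell line is unavoidable: quote every
    untrusted field with shlex.quote before interpolating it."""
    fields = [f"--origin={alias}", f"--type={repo_type}", f"--path={metadata_path}"]
    cmd = " ".join(shlex.quote(a) for a in TOOL_ARGV + fields)
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout.splitlines()


# Conservative allow-list for the interim check (assumption, not a libzypp rule):
# letters, digits and the punctuation normally seen in aliases, types and paths.
SAFE_SETTING = re.compile(r"^[A-Za-z0-9._@:+=/-]+$")


def is_suspicious_setting(value):
    """True if a repo alias/type/path contains anything a shell could act on."""
    return SAFE_SETTING.match(value) is None


if __name__ == "__main__":
    # Constructed input: a repository alias carrying a trailing shell command.
    alias = "myrepo; echo INJECTED"
    for fn in (run_unsafe, run_safe_argv, run_safe_quoted):
        print(fn.__name__, fn(alias, "rpm-md", "/var/cache/zypp/raw/myrepo"))
    print("suspicious:", is_suspicious_setting(alias))
```

Running the module prints the argument list each variant delivered to the stand-in tool: the unsafe variant shows the alias cut off at the ';' and the rest of the line executed as a separate echo command, while both hardened variants deliver the whole alias as one harmless argument. The same injection works through the type or metadata path, since all three are interpolated the same way.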

Weakness Enumeration

OS Command Injection (CWE-78)

Related Identifiers

BDU:2023-01025
CVE-2023-22643
openSUSE-SU-2023:0095-1
openSUSE-SU-2024:12626-1
SUSE-SU-2023:0095-1
SUSE-SU-2023:0140-1

Affected Products

Suse
Libzypp-Plugin-Appdata