PT-2024-19168 · Osc+2

Daniel Mach +1 · Published 2024-08-19 · Updated 2024-10-16 · CVE-2024-22034

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

osc (affected versions not specified)

Description

The issue allows attackers to manipulate the configuration of osc by injecting special files in .osc into the actual package sources, such as apiurl. This enables the attacker to alter the osc configuration for the victim.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2024-22034
OESA-2024-2133
OPENSUSE-SU-2024:14277-1
OPENSUSE-SU-2024_2961-1
SUSE-SU-2024:2961-1
SUSE-SU-2024:2963-1
SUSE-SU-2024_2961-1
SUSE-SU-2024_2963-1

Affected Products

Debian
Suse
Osc