First published: Fri Jan 24 2020(Updated: )
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.
Credit: meissner@suse.de
Affected Software | Affected Version | How to fix |
---|---|---|
Opensuse Libzypp | <16.21.2-27.68.1 | |
SUSE CaaS Platform | =3.0 | |
Opensuse Libzypp | <16.21.2-2.45.1 | |
SUSE SUSE Linux Enterprise Server | =12 | |
Opensuse Libzypp | <17.19.0-3.34.1 | |
SUSE SUSE Linux Enterprise Server | =15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2019-18900.
The severity of CVE-2019-18900 is medium with a CVSS score of 3.3.
CVE-2019-18900 affects SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, and SUSE Linux Enterprise Server 15.
CVE-2019-18900 allows local attackers to read a cookie store used by libzypp, exposing private cookies.
Yes, you can find references for CVE-2019-18900 at the following links: [Link1], [Link2], [Link3].