CVE-2022-45155: obs-service-go_modules: arbitrary directory delete
First published: Wed Mar 15 2023(Updated: )
An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE openSUSE Factory | <0.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-45155.
What is the affected software for this vulnerability?
The affected software for this vulnerability is SUSE openSUSE Factory obs-service-go_modules version up to and excluding 0.6.1.
What is the severity of CVE-2022-45155?
The severity of CVE-2022-45155 is medium.
How can an attacker exploit this vulnerability?
An attacker that can influence the call to the obs-service-go_modules service can exploit this vulnerability to delete files and directories on the victim's system.
Is there a fix available for CVE-2022-45155?
Yes, updating to a version higher than 0.6.1 of SUSE openSUSE Factory obs-service-go_modules resolves this vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/suse
- canonical/suse opensuse factory