← back
CVE-2019-18899

apt-cacher-ng insecure use of /run/apt-cacher-ng

CVSS 6.2 MEDIUMEPSS 0.3%CWE-269
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected products
openSUSE · Leap 15.1

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.htmlhttps://bugzilla.suse.com/show_bug.cgi?id=1157703