CVE-2023-22643
libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls
In short
A vulnerability in libzypp-plugin-appdata allows attackers to run arbitrary code with root privileges by injecting malicious commands through repository settings. An attacker can trick a user into using specially crafted repository configuration values to execute commands on the system.
Technical detail
The flaw is an OS command injection in libzypp-plugin-appdata stemming from unsafe use of os.system() calls. An attacker can inject shell metacharacters via the REPO_ALIAS, REPO_TYPE, or REPO_METADATA_PATH parameters to achieve code execution with root privileges, provided a user is tricked into applying the malicious repository configuration.
Summary generated and translated by AI from the official description.
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
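The pattern behind this class of bug, and its fix, shown as an added example that is not the plugin's own code: a repository setting interpolated into a string meant for os.system() lets a shell metacharacter such as ';' start a second command, whereas passing the same value as one element of a subprocess argv list (shell=False) or quoting it with shlex.quote() keeps it a single argument. The tool name appdata-tool, the allow-list patterns and the sample alias values are assumptions constructed for this example.

```python
import re
import shlex
import subprocess

# Constructed sample values standing in for the REPO_* settings a plugin receives.
SAFE_ALIAS = "openSUSE-Leap-15.4-Oss"
HOSTILE_ALIAS = "repo; id"          # the ';' lets /bin/sh start a second command

# Allow-lists (assumption: alias/type values and metadata paths never need
# characters outside these sets).
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._+-]*$")
_PATH_RE = re.compile(r"^/[A-Za-z0-9._+/-]*$")


def build_command_unsafe(repo_alias: str, metadata_path: str) -> str:
    """The vulnerable shape: untrusted settings interpolated into one string
    destined for os.system(). Only returns the string; nothing is executed here.
    'appdata-tool' is a hypothetical helper name."""
    return f"appdata-tool --alias {repo_alias} --path {metadata_path}"


def shell_sees_extra_command(cmd: str) -> bool:
    """Detection aid: True if the string contains characters that make /bin/sh
    treat it as more than one simple command or expand it."""
    return re.search(r"[;&|`$\n<>]", cmd) is not None


def setting_is_safe(value: str, kind: str) -> bool:
    """Reject a REPO_* value that fails its allow-list before it reaches any command."""
    pattern = _PATH_RE if kind == "path" else _NAME_RE
    return pattern.fullmatch(value) is not None


def run_fixed(argv: list) -> str:
    """The fixed shape: an argv list with shell=False, so each setting is exactly
    one argument and no shell ever parses it. Returns the child's stdout."""
    result = subprocess.run(argv, shell=False, capture_output=True, text=True, check=True)
    return result.stdout


def quote_for_shell(value: str) -> str:
    """If a shell command string is unavoidable, shlex.quote() turns the value
    into a single shell word so metacharacters inside it are inert."""
    return shlex.quote(value)


if __name__ == "__main__":
    cmd = build_command_unsafe(HOSTILE_ALIAS, "/var/cache/zypp/raw/repo")
    print("unsafe string:", cmd, "| second command injected:", shell_sees_extra_command(cmd))
    print("alias passes allow-list:", setting_is_safe(HOSTILE_ALIAS, "alias"))
    print("fixed argv passes alias verbatim:", repr(run_fixed(["printf", "%s", HOSTILE_ALIAS])))
    print("quoted for a shell string:", quote_for_shell(HOSTILE_ALIAS))
```

The allow-list check is the defence-in-depth layer: even with shell=False, a plugin should still reject values a repository alias or path has no business containing, and log the rejection, since a setting that fails the pattern is itself a useful indicator that someone is probing the plugin.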