Vulnerability Description
Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpinelinux | Abuild | <= 3.4.0 |
Related Weaknesses (CWE)
References
- https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e (Patch, Third Party Advisory)
- https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c (Patch, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20190625-0005/
FAQ
What is CVE-2019-12875?
CVE-2019-12875 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.
How severe is CVE-2019-12875?
CVE-2019-12875 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-12875?
Check the references section above for vendor advisories and patch information. Affected products include: Alpinelinux Abuild.