Vulnerability Description
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3 and openSUSE Leap 15.4 allows attackers who can trick users into using specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426; openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openSUSE | libzypp-plugin-appdata | < 1.0.1+git.20180426 |
| openSUSE | Leap | 15.4 |
| SUSE | SUSE Linux Enterprise Server | 15 |
References
- https://bugzilla.suse.com/show_bug.cgi?id=1206836 (Exploit, Issue Tracking, Patch)
FAQ
What is CVE-2023-22643?
CVE-2023-22643 is a vulnerability with a CVSS score of 6.3 (MEDIUM). An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4...
How severe is CVE-2023-22643?
CVE-2023-22643 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-22643?
Check the references section above for vendor advisories and patch information. Affected products include: openSUSE libzypp-plugin-appdata, openSUSE Leap, SUSE Linux Enterprise Server.