CVE-2018-19639 is a vulnerability in OpenSuse Supportutils
Published on March 5, 2019
Code execution if run with command line switch -v
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.
Weakness Type
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2018-19639 has been classified to as a Shell injection vulnerability or weakness.
Products Associated with CVE-2018-19639
Want to know whenever a new CVE is published for OpenSuse Supportutils? stack.watch will email you.
Affected Versions
SUSE supportutils:- Version unspecified and below 3.1-5.7.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.