CVE-2019-18900 is a vulnerability in Suse Linux Enterprise Server
Published on January 24, 2020
libzypp stores cookies world readable
: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1.
Vulnerability Analysis
CVE-2019-18900 is exploitable with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
Products Associated with CVE-2019-18900
Want to know whenever a new CVE is published for Suse Linux Enterprise Server? stack.watch will email you.
Affected Versions
SUSE CaaS Platform 3.0:- Version libzypp and below 16.21.2-27.68.1 is affected.
- Version libzypp and below 16.21.2-2.45.1 is affected.
- Version libzypp 17.19.0-3.34.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.