Upstream information

CVE-2022-45155 at MITRE

Description

An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v3 Scores
  National Vulnerability Database SUSE
Base Score 5.5 5.5
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector Local Local
Attack Complexity Low Low
Privileges Required None None
User Interaction Required Required
Scope Unchanged Unchanged
Confidentiality Impact None None
Integrity Impact High High
Availability Impact None None
CVSSv3 Version 3.1 3.1
SUSE Bugzilla entry: 1201138 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • obs-service-go_modules >= 0.6.1-1.1
Patchnames:
openSUSE Tumbleweed GA obs-service-go_modules-0.6.1-1.1


SUSE Timeline for this CVE

CVE page created: Mon Jul 4 10:45:14 2022
CVE page last modified: Thu Mar 16 12:06:04 2023