Description
In libzypp before 20170803, it was possible to add unsigned YUM repositories without any warning to the user, which could allow a man-in-the-middle or a malicious server to inject malicious RPM packages into a user's system.
References (3)
Core References
Mailing List vendor-advisory
x_refsource_suse
https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00002.html
Various Sources x_refsource_confirm
https://www.suse.com/de-de/security/cve/CVE-2017-7435/
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1009127
Scores
CVSS v3
8.1
EPSS
0.0044
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
opensuse/libzypp
< 16.15.2
Published
Mar 01, 2018
Tracked Since
Feb 18, 2026