Description
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.
References (3)
Core 3
Core References
Mailing List, Vendor Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html
Mailing List, Vendor Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html
Issue Tracking, Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1157703
Scores
CVSS v3
6.2
EPSS
0.0012
EPSS Percentile
30.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-269
Status
published
Products (2)
apt-cacher-ng_project/apt-cacher-ng
< 3.1-lp151.3.3.1
opensuse/backports
sle-15 sp1
Published
Jan 23, 2020
Tracked Since
Feb 18, 2026