What is CVE-2019-18900?

CVE-2019-18900 is a medium-severity vulnerability in Suse Caas Platform 3.0, classified under Incorrect Default Permissions. CVSS score: 4.0/10. Published 2020-01-24.

How severe is CVE-2019-18900?

Medium severity. CVSS v3 base score is 4.0 out of 10.

Vulnerability in Suse Caas Platform 3.0

CVE-2019-18900

: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies…

EPSS: 0.001 (27.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Suse Caas Platform 3.0 — versions libzypp
Suse Linux Enterprise Server 12 — versions libzypp
Suse Linux Enterprise Server 15 — versions libzypp 17.19.0-3.34.1

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

References

bugzilla.suse.com/show_bug.cgi (x_refsource_CONFIRM)
openSUSE-SU-2020:0255 (vendor-advisory, x_refsource_SUSE)
[debian-lts-announce] 20200304 [SECURITY] [DLA 2132-1] libzypp security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2019-18900?: CVE-2019-18900 is a medium-severity vulnerability in Suse Caas Platform 3.0, classified under Incorrect Default Permissions. CVSS score: 4.0/10. Published 2020-01-24.
How severe is CVE-2019-18900?: Medium severity. CVSS v3 base score is 4.0 out of 10.