What is CVE-2024-22033?

CVE-2024-22033 is a medium-severity vulnerability in Suse Opensuse Leap 15.5, classified under OS Command Injection. CVSS score: 6.3/10. Published 2024-10-16.

How severe is CVE-2024-22033?

Medium severity. CVSS v3 base score is 6.3 out of 10.

RCE in Suse Opensuse Leap 15.5

CVE-2024-22033

The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (51.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Suse Opensuse Leap 15.5 — versions ?
Suse Opensuse Leap 15.6 — versions ?
Suse Opensuse Tumbleweed — versions ?
Suse Package Hub 15 Sp5 — versions ?
Suse Package Hub 15 Sp6 — versions ?

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

bugzilla.suse.com/show_bug.cgi

Frequently asked questions

What is CVE-2024-22033?: CVE-2024-22033 is a medium-severity vulnerability in Suse Opensuse Leap 15.5, classified under OS Command Injection. CVSS score: 6.3/10. Published 2024-10-16.
How severe is CVE-2024-22033?: Medium severity. CVSS v3 base score is 6.3 out of 10.