CVE-2023-22643 - Vulnerability Details - OpenCVE

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Opensuse	Leap Libzypp-plugin-appdata
Suse	Suse Linux Enterprise Server

Configuration 1 [-]

AND

cpe:2.3:a:opensuse:libzypp-plugin-appdata:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:opensuse:leap:15.4:::::::*
	cpe:2.3:o:suse:suse_linux_enterprise_server:15:sp3::::sap::*

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1206836

History

Tue, 25 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: suse

Published: 2023-02-07T00:00:00.000Z

Updated: 2025-03-25T14:31:19.350Z

Reserved: 2023-01-05T00:00:00.000Z

Link: CVE-2023-22643

Vulnrichment

Updated: 2024-08-02T10:13:49.511Z

NVD

Status : Modified

Published: 2023-02-07T10:15:52.687

Modified: 2024-11-21T07:45:07.000

Link: CVE-2023-22643

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-22643", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "dateUpdated": "2025-03-25T14:31:19.350Z", "dateReserved": "2023-01-05T00:00:00.000Z", "datePublished": "2023-02-07T00:00:00.000Z"}, "containers": {"cna": {"title": "libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls", "datePublic": "2023-01-17T00:00:00.000Z", "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2023-02-07T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426."}], "affected": [{"vendor": "SUSE", "product": "SUSE Linux Enterprise Server for SAP 15-SP3", "versions": [{"version": "libzypp-plugin-appdata", "status": "affected", "lessThan": "1.0.1+git.20180426", "versionType": "custom"}]}, {"vendor": "openSUSE", "product": "openSUSE Leap 15.4", "versions": [{"version": "libzypp-plugin-appdata", "status": "affected", "lessThan": "1.0.1+git.20180426", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1206836"}], "credits": [{"lang": "en", "value": "Matthias Gerstner of SUSE"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "cweId": "CWE-78"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1206836", "defect": ["1206836"], "discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:49.511Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1206836", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-25T14:31:15.373763Z", "id": "CVE-2023-22643", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T14:31:19.350Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1206836", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:49.511Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-22643", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-25T14:31:15.373763Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T14:30:48.774Z"}}], "cna": {"title": "libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls", "source": {"defect": ["1206836"], "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1206836", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "value": "Matthias Gerstner of SUSE"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "SUSE", "product": "SUSE Linux Enterprise Server for SAP 15-SP3", "versions": [{"status": "affected", "version": "libzypp-plugin-appdata", "lessThan": "1.0.1+git.20180426", "versionType": "custom"}]}, {"vendor": "openSUSE", "product": "openSUSE Leap 15.4", "versions": [{"status": "affected", "version": "libzypp-plugin-appdata", "lessThan": "1.0.1+git.20180426", "versionType": "custom"}]}], "datePublic": "2023-01-17T00:00:00.000Z", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1206836"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2023-02-07T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-22643", "state": "PUBLISHED", "dateUpdated": "2025-03-25T14:31:19.350Z", "dateReserved": "2023-01-05T00:00:00.000Z", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "datePublished": "2023-02-07T00:00:00.000Z", "assignerShortName": "suse"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:libzypp-plugin-appdata:*:*:*:*:*:*:*:*", "matchCriteriaId": "231CBDA6-33BA-44D6-81AF-B62C47F4A261", "versionEndExcluding": "1.0.1\\+git.20180426", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:*", "matchCriteriaId": "BE80EB04-7F9D-4C0B-85DB-4A13DEACB5E4", "vulnerable": false}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:15:sp3:*:*:*:sap:*:*", "matchCriteriaId": "107443F7-75CB-478B-B79A-EDD6582530DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426."}, {"lang": "es", "value": "Una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en libzypp-plugin-appdata de SUSE Linux Enterprise Server para SAP 15-SP3; openSUSE Leap 15.4 permite a atacantes que pueden enga\u00f1ar a los usuarios utilizar configuraciones REPO_ALIAS, REPO_TYPE o REPO_METADATA_PATH especialmente manipuladas para ejecutar c\u00f3digo como root. Este problema afecta a: SUSE Linux Enterprise Server para versiones SAP 15-SP3 libzypp-plugin-appdata anteriores a 1.0.1+git.20180426. Versiones de openSUSE Leap 15.4 libzypp-plugin-appdata anteriores a 1.0.1+git.20180426."}], "id": "CVE-2023-22643", "lastModified": "2024-11-21T07:45:07.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "meissner@suse.de", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-07T10:15:52.687", "references": [{"source": "meissner@suse.de", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1206836"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1206836"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "meissner@suse.de", "type": "Secondary"}]}