suse · CVE-2023-22643

Quick triage

Priority: medium Published: 2023-01-19 00:44:33 UTC Updated: 2026-03-05 03:48:49 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2023-22643 severity moderate: SUSE including 8 source package names (libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1, libzypp-plugin-appdata-1.0.1+git.20180426-150400.18.3.1, …), 29 product×package rows across 27 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (27 product lines)): Fixed 29.

Description:

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.

cvelogic Threat Intelligence