5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.5 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
59.9%
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
CPE | Name | Operator | Version |
---|---|---|---|
novell:suse_linux | novell suse linux | eq | 10.0 |
suse:suse_linux | suse suse linux | eq | 9.3 |
More