Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2019-2005.NASLHistoryAug 26, 2019 - 12:00 a.m.
openSUSE Security Update : qbittorrent (openSUSE-2019-2005)
2019-08-2600:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.9 High
AI Score
Confidence
High
0.038 Low
EPSS
Percentile
91.9%
This update for qbittorrent fixes the following issues :
- CVE-2019-13640: avoid command injection (boo#1141967)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-2005.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('compat.inc');
if (description)
{
script_id(128143);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/01");
script_cve_id("CVE-2019-13640");
script_name(english:"openSUSE Security Update : qbittorrent (openSUSE-2019-2005)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for qbittorrent fixes the following issues :
- CVE-2019-13640: avoid command injection (boo#1141967)");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141967");
script_set_attribute(attribute:"solution", value:
"Update the affected qbittorrent packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13640");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/17");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qbittorrent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qbittorrent-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qbittorrent-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qbittorrent-nox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qbittorrent-nox-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE15.1", reference:"qbittorrent-4.1.5-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"qbittorrent-debuginfo-4.1.5-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"qbittorrent-debugsource-4.1.5-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"qbittorrent-nox-4.1.5-lp151.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"qbittorrent-nox-debuginfo-4.1.5-lp151.2.3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qbittorrent / qbittorrent-debuginfo / qbittorrent-debugsource / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | qbittorrent | p-cpe:/a:novell:opensuse:qbittorrent |
| novell | opensuse | qbittorrent-debuginfo | p-cpe:/a:novell:opensuse:qbittorrent-debuginfo |
| novell | opensuse | qbittorrent-debugsource | p-cpe:/a:novell:opensuse:qbittorrent-debugsource |
| novell | opensuse | qbittorrent-nox | p-cpe:/a:novell:opensuse:qbittorrent-nox |
| novell | opensuse | qbittorrent-nox-debuginfo | p-cpe:/a:novell:opensuse:qbittorrent-nox-debuginfo |
| novell | opensuse | 15.1 | cpe:/o:novell:opensuse:15.1 |
Related
suse
suse
Security update for qbittorrent (moderate)
2019-08-24 00:00:00
Security update for qbittorrent (moderate)
2019-08-30 00:00:00
ubuntucve
ubuntucve
CVE-2019-13640
2019-07-17 00:00:00
alpinelinux
alpinelinux
CVE-2019-13640
2019-07-17 22:15:10
debian
debian
[SECURITY] [DSA 4650-1] qbittorrent security update
2020-04-02 20:49:51
[SECURITY] [DSA 4650-1] qbittorrent security update
2020-04-02 20:49:51
nessus
nessus
Debian DSA-4650-1 : qbittorrent - security update
2020-04-03 00:00:00
Fedora 30 : 1:qbittorrent (2019-2cb551904b)
2019-09-19 00:00:00
Fedora 29 : 1:qbittorrent (2019-ce6c6de3cc)
2019-09-19 00:00:00
cvelist
cvelist
CVE-2019-13640
2019-07-17 21:07:47
fedora
fedora
[SECURITY] Fedora 29 Update: qbittorrent-4.1.7-1.fc29
2019-09-19 01:54:00
[SECURITY] Fedora 30 Update: qbittorrent-4.1.7-1.fc30
2019-09-19 01:32:14
osv
osv
qbittorrent - security update
2020-04-02 00:00:00
CVE-2019-13640
2019-07-17 22:15:10
prion
prion
Command injection
2019-07-17 22:15:00
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0379)
2022-01-28 00:00:00
Fedora Update for qbittorrent FEDORA-2019-ce6c6de3cc
2019-09-19 00:00:00
openSUSE: Security Advisory for qbittorrent (openSUSE-SU-2019:2005-1)
2020-01-09 00:00:00
mageia
mageia
Updated qbittorrent packages fix security vulnerability
2019-12-13 21:25:24
nvd
nvd
CVE-2019-13640
2019-07-17 22:15:10
cve
cve
CVE-2019-13640
2019-07-17 22:15:10
debiancve
debiancve
CVE-2019-13640
2019-07-17 22:15:10
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.9 High
AI Score
Confidence
High
0.038 Low
EPSS
Percentile
91.9%
Related for OPENSUSE-2019-2005.NASL