Code injection

2018-03-0120:29:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.

References

bugzilla.suse.com/show_bug.cgi?id=1045735

lists.opensuse.org/opensuse-security-announce/2017-08/msg00002.html

www.suse.com/de-de/security/cve/CVE-2017-9269/