CVE-2017-9269

critical

Description

In libzypp before August 2018, GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potentially malicious content.

References

https://www.suse.com/de-de/security/cve/CVE-2017-9269/

https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00002.html

https://bugzilla.suse.com/show_bug.cgi?id=1045735

Details

Source: Mitre, NVD

Published: 2018-03-01

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical