Unrated severity · NVD Advisory · Published Feb 7, 2023 · Updated Mar 25, 2025
libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls
CVE-2023-22643
Description
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3 and openSUSE Leap 15.4 allows attackers who can trick users into using specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426; openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426.
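The injection class described above, as an added example that is neither the plugin's code nor SUSE's patch: it shows why interpolating the three settings into one `os.system` string lets a shell operator inside a value start a second command, next to a hardened form that validates the settings and builds an argv list. The helper path, the allow-list patterns and the sample values are assumptions constructed for illustration.

```python
import re
import shlex

HELPER = "/usr/bin/appdata-helper"  # hypothetical path, not the plugin's real helper
SETTINGS = ("REPO_ALIAS", "REPO_TYPE", "REPO_METADATA_PATH")
# Assumed allow-lists for illustration; adjust to the values your repos really use.
ALLOWED = {
    "REPO_ALIAS": re.compile(r"[A-Za-z0-9][A-Za-z0-9._:+-]{0,127}"),
    "REPO_TYPE": re.compile(r"rpm-md|yast2|plaindir"),
    "REPO_METADATA_PATH": re.compile(r"/[A-Za-z0-9._:+/-]{1,255}"),
}

def legacy_command(settings):
    """Weak pattern: settings interpolated into one string meant for os.system()."""
    return HELPER + " " + " ".join(settings[k] for k in SETTINGS)

def shell_commands(command):
    """Approximate how /bin/sh splits a line at operators such as ; | & ( )."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token and set(token) <= set(lexer.punctuation_chars):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    return commands + ([current] if current else [])

def safe_argv(settings):
    """Hardened pattern: validate every setting, then build an argv list."""
    for key in SETTINGS:
        value = settings.get(key, "")
        if not ALLOWED[key].fullmatch(value):
            raise ValueError(f"rejected {key}: {value!r}")
    if ".." in settings["REPO_METADATA_PATH"].split("/"):
        raise ValueError("rejected REPO_METADATA_PATH: '..' component")
    # Run with subprocess.run(argv, shell=False, check=True): no shell parses it.
    return [HELPER] + [settings[k] for k in SETTINGS]

# Constructed sample values, not taken from the advisory.
BENIGN = {"REPO_ALIAS": "repo-oss", "REPO_TYPE": "rpm-md",
          "REPO_METADATA_PATH": "/var/cache/zypp/raw/repo-oss"}
CRAFTED = dict(BENIGN, REPO_ALIAS="repo-oss; echo INJECTED")

if __name__ == "__main__":
    print(shell_commands(legacy_command(BENIGN)))   # one command
    print(shell_commands(legacy_command(CRAFTED)))  # two commands
```

With an argv list the validation is defence in depth: the values reach the helper as single arguments whatever characters they contain.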
Affected products (20)
- Range: < 1.0.1+git.20180426
- osv-coords, 17 versions (no CPE):
  - pkg:rpm/opensuse/libzypp-plugin-appdata&distro=openSUSE%20Leap%2015.4, range: < 1.0.1+git.20180426-150400.18.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Enterprise%20Storage%206, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Enterprise%20Storage%207, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Enterprise%20Storage%207.1, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4, range: < 1.0.1+git.20180426-150400.18.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4, range: < 1.0.1+git.20180426-150400.18.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2, range: < 1.0.1+git.20180426-150100.8.3.1
  - pkg:rpm/suse/libzypp-plugin-appdata&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3, range: < 1.0.1+git.20180426-150100.8.3.1
- openSUSE/openSUSE Leap 15.4 (v5), Range: libzypp-plugin-appdata
- Range: libzypp-plugin-appdata