CVE-2018-15912

{"id": "CVE-2018-15912", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-08-29T19:29:00.967", "references": [{"url": "https://gitlab.manjaro.org/packages/core/manjaro-system/commit/8208b8a", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.manjaro.org/pipermail/manjaro-security/2018-August/000785.html", "tags": ["Exploit", "Mailing List", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system."}, {"lang": "es", "value": "Se ha descubierto un problema en manjaro-update-system.sh en manjaro-system 20180716-1 en Manjaro Linux. Un atacante local puede instalar o eliminar paquetes arbitrarios y repositorios de paquetes que podr\u00edan contener enlaces con c\u00f3digo arbitrario, que se ejecutar\u00e1n autom\u00e1ticamente como root, o eliminar paquetes fundamentales para el sistema."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:manjaro:manjaro_linux:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D032981B-29C2-459E-9378-2EAB31AD54F4", "versionEndIncluding": "20180716-1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}