Oval Definition:oval:org.opensuse.security:def:20185702
Revision Date:2022-06-30Version:1
Title:CVE-2018-5702
Description:

Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-5702
Mitre CVE-2018-5702
SUSE CVE-2018-5702
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Tumbleweed
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • transmission-common-2.94-lp150.1 is installed
  • AND transmission-common is signed with openSUSE key
  • OR
  • transmission-gtk-2.94-lp150.1 is installed
  • AND transmission-gtk is signed with openSUSE key
  • OR
  • transmission-gtk-lang-2.94-lp150.1 is installed
  • AND transmission-gtk-lang is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • transmission-3.00-2.8 is installed
  • OR transmission-common-3.00-2.8 is installed
  • OR transmission-daemon-3.00-2.8 is installed
  • OR transmission-gtk-3.00-2.8 is installed
  • OR transmission-gtk-lang-3.00-2.8 is installed
  • OR transmission-qt-3.00-2.8 is installed
  • OR transmission-qt-lang-3.00-2.8 is installed
    • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • transmission-common-2.94-bp153.1.20 is installed
  • AND transmission-common is signed with openSUSE key
  • OR
  • transmission-gtk-2.94-bp153.1.20 is installed
  • AND transmission-gtk is signed with openSUSE key
  • OR
  • transmission-gtk-lang-2.94-bp153.1.20 is installed
  • AND transmission-gtk-lang is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 15.4 is installed
  • AND Package Information
  • transmission-common-3.00-bp154.1.67 is installed
  • AND transmission-common is signed with openSUSE key
  • OR
  • transmission-gtk-3.00-bp154.1.67 is installed
  • AND transmission-gtk is signed with openSUSE key
  • OR
  • transmission-gtk-lang-3.00-bp154.1.67 is installed
  • AND transmission-gtk-lang is signed with openSUSE key
    • BACK