CVE-2024-37372 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-37372 Interim 1 17 2026-03-05T02:27:01Z current 2024-07-09T23:11:09Z 2026-03-05T02:27:01Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-37372 The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2024-July/018990.html E-Mail link for SUSE-SU-2024:2543-1 https://lists.suse.com/pipermail/sle-updates/2024-July/036101.html E-Mail link for SUSE-SU-2024:2574-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OWCPL7VTEVIGUDVKLEV2D2ITNTWKC4AZ/ E-Mail link for openSUSE-SU-2024:14435-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container containers/open-webui:0.6.9-10.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5 SUSE Linux Enterprise Module for Web and Scripting 15 SP6 SUSE Linux Enterprise Module for Web and Scripting 15 SP5 SUSE Linux Enterprise Module for Web and Scripting 15 SP6 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Web and Scripting 15 SP5 SUSE Linux Enterprise Module for Web and Scripting 15 SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 openSUSE Tumbleweed corepack20-20.15.1-1.1 corepack20-20.15.1-150500.11.12.2 corepack20-20.15.1-150600.3.3.2 corepack22-22.10.0-1.1 corepack22-22.15.1-160000.2.2 corepack24-24.11.1-2.1 nodejs20-20.15.1-1.1 nodejs20-20.15.1-150500.11.12.2 nodejs20-20.15.1-150600.3.3.2 nodejs20-devel-20.15.1-1.1 nodejs20-devel-20.15.1-150500.11.12.2 nodejs20-devel-20.15.1-150600.3.3.2 nodejs20-docs-20.15.1-1.1 nodejs20-docs-20.15.1-150500.11.12.2 nodejs20-docs-20.15.1-150600.3.3.2 nodejs22-22.10.0-1.1 nodejs22-22.15.1-160000.2.2 nodejs22-devel-22.10.0-1.1 nodejs22-devel-22.15.1-160000.2.2 nodejs22-docs-22.10.0-1.1 nodejs22-docs-22.15.1-160000.2.2 nodejs24-24.11.1-2.1 nodejs24-devel-24.11.1-2.1 nodejs24-docs-24.11.1-2.1 npm20-20.15.1-1.1 npm20-20.15.1-150500.11.12.2 npm20-20.15.1-150600.3.3.2 npm22-22.10.0-1.1 npm22-22.15.1-160000.2.2 npm24-24.11.1-2.1 nodejs20-20.15.1-150600.3.3.2 as a component of Container containers/open-webui:0.6.9-10.1 nodejs20-20.15.1-150500.11.12.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 nodejs20-devel-20.15.1-150500.11.12.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 nodejs20-docs-20.15.1-150500.11.12.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 npm20-20.15.1-150500.11.12.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 nodejs20-20.15.1-150600.3.3.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 nodejs20-devel-20.15.1-150600.3.3.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 nodejs20-docs-20.15.1-150600.3.3.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 npm20-20.15.1-150600.3.3.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 corepack22-22.15.1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 nodejs22-22.15.1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 nodejs22-devel-22.15.1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 nodejs22-docs-22.15.1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 npm22-22.15.1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 corepack20-20.15.1-150500.11.12.2 as a component of openSUSE Leap 15.5 nodejs20-20.15.1-150500.11.12.2 as a component of openSUSE Leap 15.5 nodejs20-devel-20.15.1-150500.11.12.2 as a component of openSUSE Leap 15.5 nodejs20-docs-20.15.1-150500.11.12.2 as a component of openSUSE Leap 15.5 npm20-20.15.1-150500.11.12.2 as a component of openSUSE Leap 15.5 corepack20-20.15.1-150600.3.3.2 as a component of openSUSE Leap 15.6 nodejs20-20.15.1-150600.3.3.2 as a component of openSUSE Leap 15.6 nodejs20-devel-20.15.1-150600.3.3.2 as a component of openSUSE Leap 15.6 nodejs20-docs-20.15.1-150600.3.3.2 as a component of openSUSE Leap 15.6 npm20-20.15.1-150600.3.3.2 as a component of openSUSE Leap 15.6 corepack20-20.15.1-1.1 as a component of openSUSE Tumbleweed corepack22-22.10.0-1.1 as a component of openSUSE Tumbleweed corepack24-24.11.1-2.1 as a component of openSUSE Tumbleweed nodejs20-20.15.1-1.1 as a component of openSUSE Tumbleweed nodejs20-devel-20.15.1-1.1 as a component of openSUSE Tumbleweed nodejs20-docs-20.15.1-1.1 as a component of openSUSE Tumbleweed nodejs22-22.10.0-1.1 as a component of openSUSE Tumbleweed nodejs22-devel-22.10.0-1.1 as a component of openSUSE Tumbleweed nodejs22-docs-22.10.0-1.1 as a component of openSUSE Tumbleweed nodejs24-24.11.1-2.1 as a component of openSUSE Tumbleweed nodejs24-devel-24.11.1-2.1 as a component of openSUSE Tumbleweed nodejs24-docs-24.11.1-2.1 as a component of openSUSE Tumbleweed npm20-20.15.1-1.1 as a component of openSUSE Tumbleweed npm22-22.10.0-1.1 as a component of openSUSE Tumbleweed npm24-24.11.1-2.1 as a component of openSUSE Tumbleweed The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. CVE-2024-37372 Container containers/open-webui:0.6.9-10.1:nodejs20-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:corepack20-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:nodejs20-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:nodejs20-devel-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:nodejs20-docs-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:npm20-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.15.1-150500.11.12.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.15.1-150500.11.12.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.15.1-150500.11.12.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.15.1-150500.11.12.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.15.1-150600.3.3.2 SUSE Linux Enterprise Server 16.0:corepack22-22.15.1-160000.2.2 SUSE Linux Enterprise Server 16.0:nodejs22-22.15.1-160000.2.2 SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.15.1-160000.2.2 SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.15.1-160000.2.2 SUSE Linux Enterprise Server 16.0:npm22-22.15.1-160000.2.2 openSUSE Leap 15.5:corepack20-20.15.1-150500.11.12.2 openSUSE Leap 15.5:nodejs20-20.15.1-150500.11.12.2 openSUSE Leap 15.5:nodejs20-devel-20.15.1-150500.11.12.2 openSUSE Leap 15.5:nodejs20-docs-20.15.1-150500.11.12.2 openSUSE Leap 15.5:npm20-20.15.1-150500.11.12.2 openSUSE Leap 15.6:corepack20-20.15.1-150600.3.3.2 openSUSE Leap 15.6:nodejs20-20.15.1-150600.3.3.2 openSUSE Leap 15.6:nodejs20-devel-20.15.1-150600.3.3.2 openSUSE Leap 15.6:nodejs20-docs-20.15.1-150600.3.3.2 openSUSE Leap 15.6:npm20-20.15.1-150600.3.3.2 openSUSE Tumbleweed:corepack20-20.15.1-1.1 openSUSE Tumbleweed:corepack22-22.10.0-1.1 openSUSE Tumbleweed:corepack24-24.11.1-2.1 openSUSE Tumbleweed:nodejs20-20.15.1-1.1 openSUSE Tumbleweed:nodejs20-devel-20.15.1-1.1 openSUSE Tumbleweed:nodejs20-docs-20.15.1-1.1 openSUSE Tumbleweed:nodejs22-22.10.0-1.1 openSUSE Tumbleweed:nodejs22-devel-22.10.0-1.1 openSUSE Tumbleweed:nodejs22-docs-22.10.0-1.1 openSUSE Tumbleweed:nodejs24-24.11.1-2.1 openSUSE Tumbleweed:nodejs24-devel-24.11.1-2.1 openSUSE Tumbleweed:nodejs24-docs-24.11.1-2.1 openSUSE Tumbleweed:npm20-20.15.1-1.1 openSUSE Tumbleweed:npm22-22.10.0-1.1 openSUSE Tumbleweed:npm24-24.11.1-2.1 moderate