CVE-2018-17956

Published: Mar 15, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list

Affected (1)

Products: Opensuse: Yast2 Samba Provision

Opensuse

1 product

Yast2 Samba Provision

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Yast2 Samba Provision	Up to 1.0.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://bugzilla.suse.com/show_bug.cgi?id=1117597

Source: security@opentext.com

https://bugzilla.suse.com/show_bug.cgi?id=1117597

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.