CVE-2018-20105

Published: Jan 27, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.

Affected (3)

Products: Yast2 Rmt Project: Yast2 Rmt · Opensuse: Leap · Suse: Suse Linux Enterprise Server

Yast2 Rmt Project

1 product

1 product

1 product

Suse Linux Enterprise Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Yast2 Rmt Project Yast2 Rmt	Before 1.2.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Suse Suse Linux Enterprise Server	Version 15

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (6)

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html

Source: security@opentext.com

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.html

Source: security@opentext.com

https://bugzilla.suse.com/show_bug.cgi?id=1119835

Source: security@opentext.com

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.suse.com/show_bug.cgi?id=1119835

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.