CVE-2022-45154

Published: Feb 15, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.

Affected (3)

Products: Opensuse: Supportutils

Opensuse

1 product

Supportutils

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Opensuse Supportutils	Up to 3.0.10-95.51.1

Running on/with	Platform Versions
Suse Linux Enterprise Server	Version 12

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Opensuse Supportutils	Up to 3.1.21-150000.5.44.1

Running on/with	Platform Versions
Suse Linux Enterprise Server	Version 15

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Opensuse Supportutils	Up to 3.1.21-150300.7.35.15.1

Running on/with	Platform Versions
Suse Linux Enterprise Server	Version 15 sp3

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://bugzilla.suse.com/show_bug.cgi?id=1207598

Source: meissner@suse.de

ExploitIssue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=1207598

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

Timeline

No history available yet.