CVE-2018-17957

EPSS 0.04%
Veröffentlicht 26.12.2018 15:29:00
Zuletzt bearbeitet 21.11.2024 03:55:16
Quelle security@opentext.com
CVE-Watchlists
Login
Unerledigt
Login

yast2-rmt leaks database passwords in process list

The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Suse ≫ Repository Mirroring Tool Version < 1.1.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
security@opentext.com	3.4	0.8	2.5	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWE-214 Invocation of Process Using Visible Sensitive Information

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://bugzilla.suse.com/show_bug.cgi?id=1117602

https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00068.html

https://nvd.nist.gov/vuln/detail/CVE-2018-17957

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-17957

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-17957

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-17957