Vulnerabilites related to SUSE - yast2-rmt
CVE-2018-17957 (GCVE-0-2018-17957)
Vulnerability from cvelistv5
Published
2018-12-26 15:00
Modified
2024-09-16 20:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00068.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1117602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "yast2-rmt",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fabian Schilling of SUSE"
}
],
"datePublic": "2018-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-214",
"description": "CWE-214",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:25",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00068.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1117602"
}
],
"source": {
"advisory": "openSUSE-SU-2018:4272-1",
"defect": [
"1117602"
],
"discovery": "INTERNAL"
},
"title": "yast2-rmt leaks database passwords in process list",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-12-23T00:00:00.000Z",
"ID": "CVE-2018-17957",
"STATE": "PUBLIC",
"TITLE": "yast2-rmt leaks database passwords in process list"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "yast2-rmt",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.1.2"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Fabian Schilling of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-214"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00068.html",
"refsource": "CONFIRM",
"url": "https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00068.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1117602",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1117602"
}
]
},
"source": {
"advisory": "openSUSE-SU-2018:4272-1",
"defect": [
"1117602"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-17957",
"datePublished": "2018-12-26T15:00:00Z",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-09-16T20:27:58.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}