csaf_opensuse - opensuse-su-2025:15092-1

opensuse-su-2025:15092-1

Vulnerability from csaf_opensuse

Published

2025-05-15 00:00

Modified

2025-05-15 00:00

Summary

pnpm-10.11.0-1.1 on GA media

Notes

Title of the patch

pnpm-10.11.0-1.1 on GA media

Description of the patch

These are all security issues fixed in the pnpm-10.11.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15092

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "pnpm-10.11.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the pnpm-10.11.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15092",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15092-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2025:15092-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DCN7O6E3P22YMNPL7E6QTRLJZEBZG3WZ/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2025:15092-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DCN7O6E3P22YMNPL7E6QTRLJZEBZG3WZ/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-1234 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-1234/"
      }
    ],
    "title": "pnpm-10.11.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-05-15T00:00:00Z",
      "generator": {
        "date": "2025-05-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15092-1",
      "initial_release_date": "2025-05-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-05-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pnpm-10.11.0-1.1.aarch64",
                "product": {
                  "name": "pnpm-10.11.0-1.1.aarch64",
                  "product_id": "pnpm-10.11.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "pnpm-bash-completion-10.11.0-1.1.aarch64",
                "product": {
                  "name": "pnpm-bash-completion-10.11.0-1.1.aarch64",
                  "product_id": "pnpm-bash-completion-10.11.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "pnpm-fish-completion-10.11.0-1.1.aarch64",
                "product": {
                  "name": "pnpm-fish-completion-10.11.0-1.1.aarch64",
                  "product_id": "pnpm-fish-completion-10.11.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "pnpm-zsh-completion-10.11.0-1.1.aarch64",
                "product": {
                  "name": "pnpm-zsh-completion-10.11.0-1.1.aarch64",
                  "product_id": "pnpm-zsh-completion-10.11.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pnpm-10.11.0-1.1.ppc64le",
                "product": {
                  "name": "pnpm-10.11.0-1.1.ppc64le",
                  "product_id": "pnpm-10.11.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "pnpm-bash-completion-10.11.0-1.1.ppc64le",
                "product": {
                  "name": "pnpm-bash-completion-10.11.0-1.1.ppc64le",
                  "product_id": "pnpm-bash-completion-10.11.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "pnpm-fish-completion-10.11.0-1.1.ppc64le",
                "product": {
                  "name": "pnpm-fish-completion-10.11.0-1.1.ppc64le",
                  "product_id": "pnpm-fish-completion-10.11.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "pnpm-zsh-completion-10.11.0-1.1.ppc64le",
                "product": {
                  "name": "pnpm-zsh-completion-10.11.0-1.1.ppc64le",
                  "product_id": "pnpm-zsh-completion-10.11.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pnpm-10.11.0-1.1.s390x",
                "product": {
                  "name": "pnpm-10.11.0-1.1.s390x",
                  "product_id": "pnpm-10.11.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "pnpm-bash-completion-10.11.0-1.1.s390x",
                "product": {
                  "name": "pnpm-bash-completion-10.11.0-1.1.s390x",
                  "product_id": "pnpm-bash-completion-10.11.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "pnpm-fish-completion-10.11.0-1.1.s390x",
                "product": {
                  "name": "pnpm-fish-completion-10.11.0-1.1.s390x",
                  "product_id": "pnpm-fish-completion-10.11.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "pnpm-zsh-completion-10.11.0-1.1.s390x",
                "product": {
                  "name": "pnpm-zsh-completion-10.11.0-1.1.s390x",
                  "product_id": "pnpm-zsh-completion-10.11.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "pnpm-10.11.0-1.1.x86_64",
                "product": {
                  "name": "pnpm-10.11.0-1.1.x86_64",
                  "product_id": "pnpm-10.11.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "pnpm-bash-completion-10.11.0-1.1.x86_64",
                "product": {
                  "name": "pnpm-bash-completion-10.11.0-1.1.x86_64",
                  "product_id": "pnpm-bash-completion-10.11.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "pnpm-fish-completion-10.11.0-1.1.x86_64",
                "product": {
                  "name": "pnpm-fish-completion-10.11.0-1.1.x86_64",
                  "product_id": "pnpm-fish-completion-10.11.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "pnpm-zsh-completion-10.11.0-1.1.x86_64",
                "product": {
                  "name": "pnpm-zsh-completion-10.11.0-1.1.x86_64",
                  "product_id": "pnpm-zsh-completion-10.11.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-10.11.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-10.11.0-1.1.aarch64"
        },
        "product_reference": "pnpm-10.11.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-10.11.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-10.11.0-1.1.ppc64le"
        },
        "product_reference": "pnpm-10.11.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-10.11.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-10.11.0-1.1.s390x"
        },
        "product_reference": "pnpm-10.11.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-10.11.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-10.11.0-1.1.x86_64"
        },
        "product_reference": "pnpm-10.11.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-bash-completion-10.11.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-bash-completion-10.11.0-1.1.aarch64"
        },
        "product_reference": "pnpm-bash-completion-10.11.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-bash-completion-10.11.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-bash-completion-10.11.0-1.1.ppc64le"
        },
        "product_reference": "pnpm-bash-completion-10.11.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-bash-completion-10.11.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-bash-completion-10.11.0-1.1.s390x"
        },
        "product_reference": "pnpm-bash-completion-10.11.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-bash-completion-10.11.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-bash-completion-10.11.0-1.1.x86_64"
        },
        "product_reference": "pnpm-bash-completion-10.11.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-fish-completion-10.11.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-fish-completion-10.11.0-1.1.aarch64"
        },
        "product_reference": "pnpm-fish-completion-10.11.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-fish-completion-10.11.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-fish-completion-10.11.0-1.1.ppc64le"
        },
        "product_reference": "pnpm-fish-completion-10.11.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-fish-completion-10.11.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-fish-completion-10.11.0-1.1.s390x"
        },
        "product_reference": "pnpm-fish-completion-10.11.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-fish-completion-10.11.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-fish-completion-10.11.0-1.1.x86_64"
        },
        "product_reference": "pnpm-fish-completion-10.11.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-zsh-completion-10.11.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-zsh-completion-10.11.0-1.1.aarch64"
        },
        "product_reference": "pnpm-zsh-completion-10.11.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-zsh-completion-10.11.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-zsh-completion-10.11.0-1.1.ppc64le"
        },
        "product_reference": "pnpm-zsh-completion-10.11.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-zsh-completion-10.11.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-zsh-completion-10.11.0-1.1.s390x"
        },
        "product_reference": "pnpm-zsh-completion-10.11.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pnpm-zsh-completion-10.11.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:pnpm-zsh-completion-10.11.0-1.1.x86_64"
        },
        "product_reference": "pnpm-zsh-completion-10.11.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-1234",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-1234"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability in the cluster management interface of Cisco\u0026nbsp;SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode.\r\nThis vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:pnpm-10.11.0-1.1.aarch64",
          "openSUSE Tumbleweed:pnpm-10.11.0-1.1.ppc64le",
          "openSUSE Tumbleweed:pnpm-10.11.0-1.1.s390x",
          "openSUSE Tumbleweed:pnpm-10.11.0-1.1.x86_64",
          "openSUSE Tumbleweed:pnpm-bash-completion-10.11.0-1.1.aarch64",
          "openSUSE Tumbleweed:pnpm-bash-completion-10.11.0-1.1.ppc64le",
          "openSUSE Tumbleweed:pnpm-bash-completion-10.11.0-1.1.s390x",
          "openSUSE Tumbleweed:pnpm-bash-completion-10.11.0-1.1.x86_64",
          "openSUSE Tumbleweed:pnpm-fish-completion-10.11.0-1.1.aarch64",
          "openSUSE Tumbleweed:pnpm-fish-completion-10.11.0-1.1.ppc64le",
          "openSUSE Tumbleweed:pnpm-fish-completion-10.11.0-1.1.s390x",
          "openSUSE Tumbleweed:pnpm-fish-completion-10.11.0-1.1.x86_64",
          "openSUSE Tumbleweed:pnpm-zsh-completion-10.11.0-1.1.aarch64",
          "openSUSE Tumbleweed:pnpm-zsh-completion-10.11.0-1.1.ppc64le",
          "openSUSE Tumbleweed:pnpm-zsh-completion-10.11.0-1.1.s390x",
          "openSUSE Tumbleweed:pnpm-zsh-completion-10.11.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-1234",
          "url": "https://www.suse.com/security/cve/CVE-2021-1234"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:pnpm-10.11.0-1.1.aarch64",
            "openSUSE Tumbleweed:pnpm-10.11.0-1.1.ppc64le",
            "openSUSE Tumbleweed:pnpm-10.11.0-1.1.s390x",
            "openSUSE Tumbleweed:pnpm-10.11.0-1.1.x86_64",
            "openSUSE Tumbleweed:pnpm-bash-completion-10.11.0-1.1.aarch64",
            "openSUSE Tumbleweed:pnpm-bash-completion-10.11.0-1.1.ppc64le",
            "openSUSE Tumbleweed:pnpm-bash-completion-10.11.0-1.1.s390x",
            "openSUSE Tumbleweed:pnpm-bash-completion-10.11.0-1.1.x86_64",
            "openSUSE Tumbleweed:pnpm-fish-completion-10.11.0-1.1.aarch64",
            "openSUSE Tumbleweed:pnpm-fish-completion-10.11.0-1.1.ppc64le",
            "openSUSE Tumbleweed:pnpm-fish-completion-10.11.0-1.1.s390x",
            "openSUSE Tumbleweed:pnpm-fish-completion-10.11.0-1.1.x86_64",
            "openSUSE Tumbleweed:pnpm-zsh-completion-10.11.0-1.1.aarch64",
            "openSUSE Tumbleweed:pnpm-zsh-completion-10.11.0-1.1.ppc64le",
            "openSUSE Tumbleweed:pnpm-zsh-completion-10.11.0-1.1.s390x",
            "openSUSE Tumbleweed:pnpm-zsh-completion-10.11.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-05-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-1234"
    }
  ]
}

CVE-2021-1234 (GCVE-0-2021-1234)

Vulnerability from cvelistv5

Published

2024-11-18 15:45

Modified

2024-11-18 16:42

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Summary

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Catalyst SD-WAN Manager	Version: 20.1.12 Version: 19.2.1 Version: 18.4.4 Version: 18.4.5 Version: 20.1.1.1 Version: 20.1.1 Version: 19.3.0 Version: 19.2.2 Version: 19.2.099 Version: 18.3.6 Version: 18.3.7 Version: 19.2.0 Version: 18.3.8 Version: 19.0.0 Version: 19.1.0 Version: 18.4.302 Version: 18.4.303 Version: 19.2.097 Version: 19.2.098 Version: 17.2.10 Version: 18.3.6.1 Version: 19.0.1a Version: 18.2.0 Version: 18.4.3 Version: 18.4.1 Version: 17.2.8 Version: 18.3.3.1 Version: 18.4.0 Version: 18.3.1 Version: 17.2.6 Version: 17.2.9 Version: 18.3.4 Version: 17.2.5 Version: 18.3.1.1 Version: 18.3.5 Version: 18.4.0.1 Version: 18.3.3 Version: 17.2.7 Version: 17.2.4 Version: 18.3.0 Version: 19.2.3 Version: 18.4.501_ES Version: 20.1.2 Version: 19.2.929 Version: 19.2.31 Version: 19.2.32 Version: 18.4.6 Version: 20.1.2_937

Show details on NVD website