Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrofocusCVE-2018-20105
HistoryJan 27, 2020 - 9:15 a.m.

CVE-2018-20105

2020-01-2709:15:11
CWE-532
microfocus
web.nvd.nist.gov
133
cve-2018-20105
yast2-rmt
suse linux enterprise server 15
opensuse leap
vulnerability
log files
local attackers
nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0

Percentile

5.1%

JSON

A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.

Affected configurations

Nvd
Node
yast2-rmt_projectyast2-rmtRange<1.2.2
Node
opensuseleapMatch15.0
OR
susesuse_linux_enterprise_serverMatch15
VendorProductVersionCPE
yast2-rmt_projectyast2-rmt*cpe:2.3:a:yast2-rmt_project:yast2-rmt:*:*:*:*:*:*:*:*
opensuseleap15.0cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
susesuse_linux_enterprise_server15cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "SUSE Linux Enterprise Server 15",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "1.2.2",
        "status": "affected",
        "version": "yast2-rmt",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Leap",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "1.2.2",
        "status": "affected",
        "version": "yast2-rmt",
        "versionType": "custom"
      }
    ]
  }
]

Related

nessus 3
openvas 5
prion 1
suse 3
cvelist 1
nvd 1
osv 1
nessus
nessus
openSUSE Security Update : yast2-rmt (openSUSE-2019-1089)
2019-04-02 00:00:00
openSUSE Security Update : yast2-rmt (openSUSE-2020-320)
2020-03-09 00:00:00
openSUSE Security Update : yast2-rmt (openSUSE-2020-253)
2020-02-28 00:00:00
openvas
openvas
openSUSE: Security Advisory for yast2-rmt (openSUSE-SU-2019:1089-1)
2019-04-03 00:00:00
openSUSE: Security Advisory for yast2-rmt (openSUSE-SU-2020:0320-1)
2020-03-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0578-1)
2021-06-09 00:00:00
prion
prion
Design/Logic Flaw
2020-01-27 09:15:00
suse
suse
Security update for yast2-rmt (moderate)
2020-02-27 00:00:00
Security update for yast2-rmt (moderate)
2020-03-08 00:00:00
Security update for yast2-rmt (moderate)
2019-04-02 00:00:00
cvelist
cvelist
CVE-2018-20105 yast2-rmt exposes CA private key passhrase in log-file
2020-01-27 08:50:13
nvd
nvd
CVE-2018-20105
2020-01-27 09:15:11
osv
osv
yast2-rmt-1.3.3-1.2 on GA media
2024-06-15 00:00:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for CVE-2018-20105
nessus3openvas5prion1suse3cvelist1nvd1osv1