All the vulnerabilites related to SUSE - SUSE Linux Enterprise Server 15 SP3
cve-2022-45154
Vulnerability from cvelistv5
Published
2023-02-15 00:00
Modified
2024-08-03 14:09
Severity ?
EPSS score ?
Summary
A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | SUSE | SUSE Linux Enterprise Server 12 |
Version: supportutils < |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:09:56.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SUSE Linux Enterprise Server 12", "vendor": "SUSE", "versions": [ { "lessThanOrEqual": "3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information", "status": "affected", "version": "supportutils", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 15", "vendor": "SUSE", "versions": [ { "lessThanOrEqual": "3.1.21-150000.5.44.1", "status": "affected", "version": "supportutils", "versionType": "custom" } ] }, { "product": "SUSE Linux Enterprise Server 15 SP3", "vendor": "SUSE", "versions": [ { "lessThanOrEqual": "3.1.21-150300.7.35.15.1", "status": "affected", "version": "supportutils", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Nozomi Matsuzawa" } ], "datePublic": "2023-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-312", "description": "CWE-312: Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-15T00:00:00", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598" } ], "source": { "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1207598", "defect": [ "1207598" ], "discovery": "INTERNAL" }, "title": "supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2022-45154", "datePublished": "2023-02-15T00:00:00", "dateReserved": "2022-11-11T00:00:00", "dateUpdated": "2024-08-03T14:09:56.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }