admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#8631

Browse Source 
Auto-merge PR#8631
This commit is contained in:
CVE Team 2023-02-15 04:30:16 -05:00 committed by GitHub
commit 808b982eea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 111 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
2022/45xxx/CVE-2022-45154.json
View File

@ -1,18 +1,122 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@suse.de",
"DATE_PUBLIC": "2023-01-26T00:00:00.000Z",
"ID": "CVE-2022-45154",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 12",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "supportutils",
"version_value": "3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 15",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "supportutils",
"version_value": "3.1.21-150000.5.44.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 15 SP3",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "supportutils",
"version_value": "3.1.21-150300.7.35.15.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nozomi Matsuzawa"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials\nThis issue affects:\nSUSE Linux Enterprise Server 12\nsupportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions.\nSUSE Linux Enterprise Server 15\nsupportutils version 3.1.21-150000.5.44.1 and prior versions.\nSUSE Linux Enterprise Server 15 SP3\nsupportutils version 3.1.21-150300.7.35.15.1 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-312: Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1207598",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1207598"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1207598",
"defect": [
"1207598"
],
"discovery": "INTERNAL"
}
}
}