CVE-2018-17957

2025-07-29 05:56:59 +00:00 · 2018-12-25 12:02:07 +01:00 · 2018-12-25 12:02:07 +01:00 · de6773be62
commit de6773be62
parent 502cd94d56
1 changed files with 93 additions and 12 deletions
--- a/2018/17xxx/CVE-2018-17957.json
+++ b/2018/17xxx/CVE-2018-17957.json
@ -1,18 +1,99 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-17957",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "security@suse.de",
+      "DATE_PUBLIC": "2018-12-23T00:00:00.000Z",
+      "ID": "CVE-2018-17957",
+      "STATE": "PUBLIC",
+      "TITLE": "yast2-rmt leaks database passwords in process list"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "yast2-rmt",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "affected": "<",
+                                 "version_value": "1.1.2"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "SUSE"
+            }
+         ]
+      }
+   },
+   "credit": [
+      {
+         "lang": "eng",
+         "value": "Fabian Schilling of SUSE"
+      }
+   ],
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database."
         }
      ]
+   },
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "LOCAL",
+         "availabilityImpact": "NONE",
+         "baseScore": 3.4,
+         "baseSeverity": "LOW",
+         "confidentialityImpact": "LOW",
+         "integrityImpact": "LOW",
+         "privilegesRequired": "HIGH",
+         "scope": "UNCHANGED",
+         "userInteraction": "NONE",
+         "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "CWE-214"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "name": "https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00068.html",
+            "refsource": "CONFIRM",
+            "url": "https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00068.html"
+         },
+         {
+            "name": "https://bugzilla.suse.com/show_bug.cgi?id=1117602",
+            "refsource": "CONFIRM",
+            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1117602"
+         }
+      ]
+   },
+   "source": {
+      "advisory": " openSUSE-SU-2018:4272-1",
+      "defect": [
+         "1117602"
+      ],
+      "discovery": "INTERNAL"
   }
-}
+}