CVE-2018-17956 LOW

CVE-2018-17956: Password exposed in process listing

Vendor Suse
Product yast2-samba-provision
Weakness CWE-200 · Info exposure
Published March 15, 2019
Last update September 17, 2024

CVSS base score

3.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list

Key dates

02Disclosure timeline

March 15, 2019 CVE published
September 17, 2024 Record updated