CVE-2018-20105 MEDIUM

CVE-2018-20105: yast2-rmt exposes CA private key passphrase in log file

Vendor SUSE
Product SUSE Linux Enterprise Server 15
Weakness CWE-532 · Sensitive info in logs
Published January 27, 2020
Last update September 16, 2024

CVSS base score

4.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

An Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15 and openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2 and openSUSE Leap yast2-rmt versions prior to 1.2.2.

Key dates

02 Disclosure timeline

January 27, 2020 CVE published
September 16, 2024 Record updated
