4.0.7

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

suse

CWE-922

NVD

Published: 2019-05-13

Updated: 2024-11-21

Summary

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem

Vulnerable Configurations

Part	Description	Count
Application	Suse Suse Manager 1.7 Suse Manager 2.1 Suse Manager 4.0.7	3

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://bugzilla.suse.com/show_bug.cgi?id=1131954
https://bugzilla.suse.com/show_bug.cgi?id=1131954