4.0.7

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

suse

CWE-922

NVD

Published: 2019-05-13

Updated: 2020-12-03

Summary

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem

Vulnerable Configurations

Part	Description	Count
Application	Suse Suse Manager 1.7 Suse Manager 4.0.7	2

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://bugzilla.suse.com/show_bug.cgi?id=1131954