Unrated severityNVD Advisory· Published Jan 27, 2020· Updated Sep 16, 2024
yast2-rmt exposes CA private key passhrase in log-file
CVE-2018-20105
Description
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- Range: <1.2.2
- osv-coords5 versionspkg:rpm/opensuse/yast2-rmt&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/yast2-rmt&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/yast2-rmt&distro=openSUSE%20Tumbleweedpkg:rpm/suse/yast2-rmt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/yast2-rmt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1
< 1.2.2-lp150.2.19.1+ 4 more
- (no CPE)range: < 1.2.2-lp150.2.19.1
- (no CPE)range: < 1.2.2-lp151.2.3.1
- (no CPE)range: < 1.3.3-1.2
- (no CPE)range: < 1.2.2-3.18.1
- (no CPE)range: < 1.3.0-3.5.1
- Range: yast2-rmt
Patches
Vulnerability mechanics
References
3- lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.htmlmitrevendor-advisoryx_refsource_SUSE
- bugzilla.suse.com/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.