rpm package
suse/uyuni-tools&distro=SUSE:EL-9:Update:Products:ManagerTools:Update
pkg:rpm/suse/uyuni-tools&distro=SUSE:EL-9:Update:Products:ManagerTools:Update
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-22037 | Med | 5.5 | | < 0.1.28-1.14.1 | 0.1.28-1.14.1 | Nov 28, 2024 | The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users. |
| CVE-2023-3978 | — | | | < 0.1.23-1.11.1 | 0.1.23-1.11.1 | Aug 2, 2023 | Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. |