CVE-2018-20105

medium

Description

A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.

References

https://bugzilla.suse.com/show_bug.cgi?id=1119835

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html

Details

Source: Mitre, NVD

Published: 2020-01-27

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium