Vulnerability Details CVE-2018-20105
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.7%
CVSS Severity
CVSS v3 Score 4.0
CVSS v2 Score 2.1
References
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.html
- https://bugzilla.suse.com/show_bug.cgi?id=1119835
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.html
- https://bugzilla.suse.com/show_bug.cgi?id=1119835
Products affected by CVE-2018-20105
-
cpe:2.3:a:yast2-rmt_project:yast2-rmt:-
-
cpe:2.3:a:yast2-rmt_project:yast2-rmt:1.0
-
cpe:2.3:o:opensuse:leap:15.0
-
cpe:2.3:o:suse:suse_linux_enterprise_server:15