SB2020072802 - OpenSUSE Linux update for SUSE Manager Client Tools
Published: July 28, 2020 Updated: July 18, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 31 secuirty vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2019-10254)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.
2) Input validation error (CVE-ID: CVE-2019-10206)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
3) Information disclosure (CVE-ID: CVE-2019-10217)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.
4) NULL pointer dereference (CVE-ID: CVE-2019-10207)
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.
5) Cross-site scripting (CVE-ID: CVE-2019-10241)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
6) Cross-site scripting (CVE-ID: CVE-2019-1020007)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
7) Improper input validation (CVE-ID: CVE-2019-10247)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Integrator Acquistion System (Eclipse Jetty) component in Oracle Endeca Information Discovery Integrator. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
8) Cross-site scripting (CVE-ID: CVE-2019-10227)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "404-not-found" component. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
9) Cleartext storage of sensitive information (CVE-ID: CVE-2019-10213)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to OpenShift Container Platform writes secrets in clear text into pod logs when the log level in a given operator is set to Debug or higher. A local user can read the log files and gain access to sensitive information.
10) Information disclosure (CVE-ID: CVE-2019-10224)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists within the dscreate and dsconf commands in 389-ds-base due to excessive data output, when executed in verbose mode. A local user can gain access to sensitive information, such as the Directory Manager password.
Successful exploitation of the vulnerability requires that the attacker can see the screen or record terminal session.
11) Cross-site scripting (CVE-ID: CVE-2019-10215)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the highlighter() function in Bootstrap-3-Typeahead. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
12) Path traversal (CVE-ID: CVE-2019-10218)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in filenames within Samba client code (libsmbclient). A malicious SMB server can return a filename to the client containing directory traversal characters and force the client to read or write data to local files.
Successful exploitation of the vulnerability may allow an attacker to overwrite arbitrary files on the client.
13) Cleartext storage of sensitive information (CVE-ID: CVE-2019-10281)
The vulnerability allows a local user to view the password on the target system.The vulnerability exists due to the affected software stores credentials unencrypted in its
global configuration file "org.jenkinsci.plugins.relution_publisher.configuration.global.StoreConfiguration.xml" on the Jenkins master. A local authenticated user with access to the master file system can obtain credentials.
14) Input validation error (CVE-ID: CVE-2019-10202)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to incorrect implementation of patch for Codehaus 1.9.x against insufficient data deserialization present in FasterXML jackson-databind. A remote attacker can bypass implemented protection measures and exploit known deserialization vulnerabilities in jackson-databind package.15) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2019-10212)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in Undertow DEBUG log implementation for io.undertow.request.security that stored user's credentials in plain text in a world-readable file. A local user can view contents of the debug file and gain access to login and passwords of Undertow users.
16) Cleartext transmission of sensitive information (CVE-ID: CVE-2019-10214)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to containers/image library library does not enforce TLS connection by default. A remote attacker with ability to perform MitM attack can gain accecss to sensitive information.
17) Cross-site request forgery (CVE-ID: CVE-2019-10253)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin within the handling of request to “DomainObjectDocumentUpload.ashx” application. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
18) Resource management error (CVE-ID: CVE-2019-10222)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to failure in the RADOS gateway implementation when handing client disconnects. A remote authenticated attacker can abuse this error and perform denial of service attack.
19) Improper Authentication (CVE-ID: CVE-2019-10201)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the Security Assertion Markup Language (SAML) broker does not properly parse messages. A remote attacker can send a specially crafted SAML request, bypass authentication process and gain unauthorized access to the application.
20) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10216)
The vulnerability allows a remote attacker to access arbitrary files on the system.
The vulnerability exists due to an error within the .buildfont1 procedure when making privileged secure calls. A remote attacker can create a specially crafted PostScript file, trick the victim into opening it, bypass the ‘-dSAFER’ restrictions and access arbitrary file on the system.
21) Untrusted search path (CVE-ID: CVE-2019-10211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to EnterpriseDB Windows installer bundles an OpenSSL library that tries to load configuration from a hard-coded location on the system. This location usually does not exists, therefore an attacker can create a folder, place malicious configuration file in it and execute the configuration.
22) Unprotected storage of credentials (CVE-ID: CVE-2019-10210)
23) Information disclosure (CVE-ID: CVE-2019-10209)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to way PostgreSQL processes user-defined hash equality operators. A remote attacker can under certain circumstances read arbitrary bytes from server memory.
Note, exploitation of this vulnerability requires a superuser to create unusual operators.
24) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-10208)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to way PostreSQL processes SECURITY DEFINER functions. A privileged attacker with EXECUTE permission, which must itself contain a function call having inexact argument type match, can execute arbitrary SQL query under the identity of the function owner.
25) Stack-based buffer overflow (CVE-ID: CVE-2019-10269)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the bns_restore function in bntseq.c via a long sequence name in a .alt file. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Double Free (CVE-ID: CVE-2019-1020014)
The vulnerability allows a local attacker to access sensitive information on a targeted system.
The vulnerability exists due to a double free condition in the list functions. A local authenticated attacker can trigger double free error and gain access to sensitive information on a targeted system
27) Out-of-bounds read (CVE-ID: CVE-2019-1023)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the way the scripting engine handles objects in memory in Microsoft Edge. A remote attacker can use a specially crafted web page to trigger out-of-bounds read error and read contents of memory on the system.
28) Buffer overflow (CVE-ID: CVE-2019-1024)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Chakra scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Improper access control (CVE-ID: CVE-2019-15043)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions to Grafana HTTP API. A remote non-authenticated attacker can send a specially crafted request to unprotected Garafa API endpoint and perform denial of service (DoS) attack.
30) Cross-site scripting (CVE-ID: CVE-2020-12245)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via column.title or cellLinkTooltip. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
31) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2020-13379)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input within the avatar feature. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
Remediation
Install update from vendor's website.