Multiple vulnerabilities in Uyuni SUSE Manager



Published: 2022-06-22
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2022-31248
CVE-2022-21952
CWE-ID CWE-209
CWE-770
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Uyuni SUSE Manager
Web applications / Remote management & hosting panels

Vendor

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Information Exposure Through an Error Message

EUVDB-ID: #VU64572

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-31248

CWE-ID: CWE-209 - Information Exposure Through an Error Message

Exploit availability: No

Description

The vulnerability allows a remote attacker to enumerate email addresses of registered users.

The vulnerability exists due to the application in /rhn/help/ForgotCredentials.do exposes information about pretense of an email address of the registered user within the application. A remote non-authenticated attacker can enumerate email addresses of application users.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Uyuni SUSE Manager: before 4.1.36-1

External links

http://bugzilla.suse.com/show_bug.cgi?id=1199629


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU64571

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21952

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the "/rhn/manager/frontend-log" script takes a text as a POST parameter and then it writes into the "/var/log/rhn/rhn_web_frontend.log" file. A remote non-authenticated attacker can send arbitrary amount of data to the application log and consume all available disk space, cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Uyuni SUSE Manager: before 4.1.36-1

External links

http://bugzilla.suse.com/show_bug.cgi?id=1199512


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###