Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2020-8908 CVE-2022-0860 CVE-2023-22644 |
CWE-ID | CWE-276 CWE-285 CWE-532 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
SUSE Manager Proxy Module Operating systems & Components / Operating system SUSE Manager Server Module Operating systems & Components / Operating system Development Tools Module Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP3 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP2 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing LTSS 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing ESPOS 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system SUSE Enterprise Storage Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system jsr-305-javadoc Operating systems & Components / Operating system package or component susemanager-tftpsync Operating systems & Components / Operating system package or component spacewalk-taskomatic Operating systems & Components / Operating system package or component spacewalk-java-config Operating systems & Components / Operating system package or component spacewalk-backend-sql Operating systems & Components / Operating system package or component uyuni-config-modules Operating systems & Components / Operating system package or component jsr-305 Operating systems & Components / Operating system package or component spacewalk-java-postgresql Operating systems & Components / Operating system package or component virtual-host-gatherer-Kubernetes Operating systems & Components / Operating system package or component spacewalk-backend-tools Operating systems & Components / Operating system package or component spacewalk-backend-iss Operating systems & Components / Operating system package or component virtual-host-gatherer Operating systems & Components / Operating system package or component spacewalk-backend-xml-export-libs Operating systems & Components / Operating system package or component spacewalk-base Operating systems & Components / Operating system package or component cobbler Operating systems & Components / Operating system package or component spacewalk-backend-config-files Operating systems & Components / Operating system package or component spacewalk-backend-config-files-tool Operating systems & Components / Operating system package or component spacewalk-backend-server Operating systems & Components / Operating system package or component spacewalk-html Operating systems & Components / Operating system package or component spacewalk-backend-config-files-common Operating systems & Components / Operating system package or component spacewalk-backend-applet Operating systems & Components / Operating system package or component supportutils-plugin-susemanager Operating systems & Components / Operating system package or component susemanager-docs_en Operating systems & Components / Operating system package or component spacewalk-backend-iss-export Operating systems & Components / Operating system package or component mgr-libmod Operating systems & Components / Operating system package or component spacewalk-backend-sql-postgresql Operating systems & Components / Operating system package or component spacewalk-search Operating systems & Components / Operating system package or component virtual-host-gatherer-Nutanix Operating systems & Components / Operating system package or component subscription-matcher Operating systems & Components / Operating system package or component susemanager-doc-indexes Operating systems & Components / Operating system package or component susemanager-docs_en-pdf Operating systems & Components / Operating system package or component susemanager-sls Operating systems & Components / Operating system package or component spacewalk-java Operating systems & Components / Operating system package or component spacewalk-backend-app Operating systems & Components / Operating system package or component spacewalk-java-lib Operating systems & Components / Operating system package or component spacewalk-backend-xmlrpc Operating systems & Components / Operating system package or component spacewalk-backend-package-push-server Operating systems & Components / Operating system package or component virtual-host-gatherer-VMware Operating systems & Components / Operating system package or component virtual-host-gatherer-libcloud Operating systems & Components / Operating system package or component guava Operating systems & Components / Operating system package or component python3-uyuni-common-libs Operating systems & Components / Operating system package or component spacewalk-backend Operating systems & Components / Operating system package or component spacewalk-proxy-broker Operating systems & Components / Operating system package or component python3-spacewalk-check Operating systems & Components / Operating system package or component spacewalk-proxy-common Operating systems & Components / Operating system package or component susemanager-build-keys-web Operating systems & Components / Operating system package or component spacewalk-proxy-package-manager Operating systems & Components / Operating system package or component spacewalk-base-minimal-config Operating systems & Components / Operating system package or component spacewalk-check Operating systems & Components / Operating system package or component spacewalk-proxy-redirect Operating systems & Components / Operating system package or component mgr-daemon Operating systems & Components / Operating system package or component spacecmd Operating systems & Components / Operating system package or component spacewalk-proxy-management Operating systems & Components / Operating system package or component spacewalk-client-tools Operating systems & Components / Operating system package or component susemanager-build-keys Operating systems & Components / Operating system package or component python3-spacewalk-client-setup Operating systems & Components / Operating system package or component spacewalk-base-minimal Operating systems & Components / Operating system package or component spacewalk-client-setup Operating systems & Components / Operating system package or component python3-spacewalk-client-tools Operating systems & Components / Operating system package or component spacewalk-proxy-salt Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU50139
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-8908
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files located in the temporary directory set by the Guava com.google.common.io.Files.createTempDir(). A local user with access to the system can view contents of files and directories or modify them.
MitigationUpdate the affected package Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2
SUSE Manager Server Module: 4.2
Development Tools Module: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP4
SUSE Linux Enterprise Server 15: SP2 - SP4
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Real Time 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP4
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Desktop 15: SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
openSUSE Leap: 15.4
jsr-305-javadoc: before 3.0.2-150200.3.7.5
susemanager-tftpsync: before 4.2.4-150300.3.6.6
spacewalk-taskomatic: before 4.2.49-150300.3.63.3
spacewalk-java-config: before 4.2.49-150300.3.63.3
spacewalk-backend-sql: before 4.2.27-150300.4.38.7
uyuni-config-modules: before 4.2.32-150300.3.46.5
jsr-305: before 3.0.2-150200.3.7.5
spacewalk-java-postgresql: before 4.2.49-150300.3.63.3
virtual-host-gatherer-Kubernetes: before 1.0.25-150300.3.12.5
spacewalk-backend-tools: before 4.2.27-150300.4.38.7
spacewalk-backend-iss: before 4.2.27-150300.4.38.7
virtual-host-gatherer: before 1.0.25-150300.3.12.5
spacewalk-backend-xml-export-libs: before 4.2.27-150300.4.38.7
spacewalk-base: before 4.2.34-150300.3.41.5
cobbler: before 3.1.2-150300.5.22.5
spacewalk-backend-config-files: before 4.2.27-150300.4.38.7
spacewalk-backend-config-files-tool: before 4.2.27-150300.4.38.7
spacewalk-backend-server: before 4.2.27-150300.4.38.7
spacewalk-html: before 4.2.34-150300.3.41.5
spacewalk-backend-config-files-common: before 4.2.27-150300.4.38.7
spacewalk-backend-applet: before 4.2.27-150300.4.38.7
supportutils-plugin-susemanager: before 4.2.6-150300.3.12.5
susemanager-docs_en: before 4.2-150300.12.42.5
spacewalk-backend-iss-export: before 4.2.27-150300.4.38.7
mgr-libmod: before 4.2.8-150300.3.9.6
spacewalk-backend-sql-postgresql: before 4.2.27-150300.4.38.7
spacewalk-search: before 4.2.10-150300.3.18.6
virtual-host-gatherer-Nutanix: before 1.0.25-150300.3.12.5
subscription-matcher: before 0.29-150300.6.15.5
susemanager-doc-indexes: before 4.2-150300.12.42.6
susemanager-docs_en-pdf: before 4.2-150300.12.42.5
susemanager-sls: before 4.2.32-150300.3.46.5
spacewalk-java: before 4.2.49-150300.3.63.3
spacewalk-backend-app: before 4.2.27-150300.4.38.7
spacewalk-java-lib: before 4.2.49-150300.3.63.3
spacewalk-backend-xmlrpc: before 4.2.27-150300.4.38.7
spacewalk-backend-package-push-server: before 4.2.27-150300.4.38.7
virtual-host-gatherer-VMware: before 1.0.25-150300.3.12.5
virtual-host-gatherer-libcloud: before 1.0.25-150300.3.12.5
guava: before 30.1.1-150300.4.3.4
python3-uyuni-common-libs: before 4.2.10-150300.3.17.6
spacewalk-backend: before 4.2.27-150300.4.38.7
spacewalk-proxy-broker: before 4.2.14-150300.3.27.6
python3-spacewalk-check: before 4.2.23-150300.4.33.7
spacewalk-proxy-common: before 4.2.14-150300.3.27.6
susemanager-build-keys-web: before 15.3.6-150300.3.9.5
spacewalk-proxy-package-manager: before 4.2.14-150300.3.27.6
spacewalk-base-minimal-config: before 4.2.34-150300.3.41.5
spacewalk-check: before 4.2.23-150300.4.33.7
spacewalk-proxy-redirect: before 4.2.14-150300.3.27.6
mgr-daemon: before 4.2.11-150300.2.12.5
spacecmd: before 4.2.22-150300.4.36.7
spacewalk-proxy-management: before 4.2.14-150300.3.27.6
spacewalk-client-tools: before 4.2.23-150300.4.33.7
susemanager-build-keys: before 15.3.6-150300.3.9.5
python3-spacewalk-client-setup: before 4.2.23-150300.4.33.7
spacewalk-base-minimal: before 4.2.34-150300.3.41.5
spacewalk-client-setup: before 4.2.23-150300.4.33.7
python3-spacewalk-client-tools: before 4.2.23-150300.4.33.7
spacewalk-proxy-salt: before 4.2.14-150300.3.27.6
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231831-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86855
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0860
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote user to bypass authorization process.
The vulnerability exists due to incorrect processing of expired accounts when using PAM. A remote user with an expired account can still access the application.
Update the affected package Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2
SUSE Manager Server Module: 4.2
Development Tools Module: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP4
SUSE Linux Enterprise Server 15: SP2 - SP4
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Real Time 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP4
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Desktop 15: SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
openSUSE Leap: 15.4
jsr-305-javadoc: before 3.0.2-150200.3.7.5
susemanager-tftpsync: before 4.2.4-150300.3.6.6
spacewalk-taskomatic: before 4.2.49-150300.3.63.3
spacewalk-java-config: before 4.2.49-150300.3.63.3
spacewalk-backend-sql: before 4.2.27-150300.4.38.7
uyuni-config-modules: before 4.2.32-150300.3.46.5
jsr-305: before 3.0.2-150200.3.7.5
spacewalk-java-postgresql: before 4.2.49-150300.3.63.3
virtual-host-gatherer-Kubernetes: before 1.0.25-150300.3.12.5
spacewalk-backend-tools: before 4.2.27-150300.4.38.7
spacewalk-backend-iss: before 4.2.27-150300.4.38.7
virtual-host-gatherer: before 1.0.25-150300.3.12.5
spacewalk-backend-xml-export-libs: before 4.2.27-150300.4.38.7
spacewalk-base: before 4.2.34-150300.3.41.5
cobbler: before 3.1.2-150300.5.22.5
spacewalk-backend-config-files: before 4.2.27-150300.4.38.7
spacewalk-backend-config-files-tool: before 4.2.27-150300.4.38.7
spacewalk-backend-server: before 4.2.27-150300.4.38.7
spacewalk-html: before 4.2.34-150300.3.41.5
spacewalk-backend-config-files-common: before 4.2.27-150300.4.38.7
spacewalk-backend-applet: before 4.2.27-150300.4.38.7
supportutils-plugin-susemanager: before 4.2.6-150300.3.12.5
susemanager-docs_en: before 4.2-150300.12.42.5
spacewalk-backend-iss-export: before 4.2.27-150300.4.38.7
mgr-libmod: before 4.2.8-150300.3.9.6
spacewalk-backend-sql-postgresql: before 4.2.27-150300.4.38.7
spacewalk-search: before 4.2.10-150300.3.18.6
virtual-host-gatherer-Nutanix: before 1.0.25-150300.3.12.5
subscription-matcher: before 0.29-150300.6.15.5
susemanager-doc-indexes: before 4.2-150300.12.42.6
susemanager-docs_en-pdf: before 4.2-150300.12.42.5
susemanager-sls: before 4.2.32-150300.3.46.5
spacewalk-java: before 4.2.49-150300.3.63.3
spacewalk-backend-app: before 4.2.27-150300.4.38.7
spacewalk-java-lib: before 4.2.49-150300.3.63.3
spacewalk-backend-xmlrpc: before 4.2.27-150300.4.38.7
spacewalk-backend-package-push-server: before 4.2.27-150300.4.38.7
virtual-host-gatherer-VMware: before 1.0.25-150300.3.12.5
virtual-host-gatherer-libcloud: before 1.0.25-150300.3.12.5
guava: before 30.1.1-150300.4.3.4
python3-uyuni-common-libs: before 4.2.10-150300.3.17.6
spacewalk-backend: before 4.2.27-150300.4.38.7
spacewalk-proxy-broker: before 4.2.14-150300.3.27.6
python3-spacewalk-check: before 4.2.23-150300.4.33.7
spacewalk-proxy-common: before 4.2.14-150300.3.27.6
susemanager-build-keys-web: before 15.3.6-150300.3.9.5
spacewalk-proxy-package-manager: before 4.2.14-150300.3.27.6
spacewalk-base-minimal-config: before 4.2.34-150300.3.41.5
spacewalk-check: before 4.2.23-150300.4.33.7
spacewalk-proxy-redirect: before 4.2.14-150300.3.27.6
mgr-daemon: before 4.2.11-150300.2.12.5
spacecmd: before 4.2.22-150300.4.36.7
spacewalk-proxy-management: before 4.2.14-150300.3.27.6
spacewalk-client-tools: before 4.2.23-150300.4.33.7
susemanager-build-keys: before 15.3.6-150300.3.9.5
python3-spacewalk-client-setup: before 4.2.23-150300.4.33.7
spacewalk-base-minimal: before 4.2.34-150300.3.41.5
spacewalk-client-setup: before 4.2.23-150300.4.33.7
python3-spacewalk-client-tools: before 4.2.23-150300.4.33.7
spacewalk-proxy-salt: before 4.2.14-150300.3.27.6
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231831-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84791
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-22644
CWE-ID:
CWE-532 - Information Exposure Through Log Files
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.
MitigationUpdate the affected package Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2
SUSE Manager Server Module: 4.2
Development Tools Module: 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP4
SUSE Linux Enterprise Server 15: SP2 - SP4
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Real Time 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP4
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Desktop 15: SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
openSUSE Leap: 15.4
jsr-305-javadoc: before 3.0.2-150200.3.7.5
susemanager-tftpsync: before 4.2.4-150300.3.6.6
spacewalk-taskomatic: before 4.2.49-150300.3.63.3
spacewalk-java-config: before 4.2.49-150300.3.63.3
spacewalk-backend-sql: before 4.2.27-150300.4.38.7
uyuni-config-modules: before 4.2.32-150300.3.46.5
jsr-305: before 3.0.2-150200.3.7.5
spacewalk-java-postgresql: before 4.2.49-150300.3.63.3
virtual-host-gatherer-Kubernetes: before 1.0.25-150300.3.12.5
spacewalk-backend-tools: before 4.2.27-150300.4.38.7
spacewalk-backend-iss: before 4.2.27-150300.4.38.7
virtual-host-gatherer: before 1.0.25-150300.3.12.5
spacewalk-backend-xml-export-libs: before 4.2.27-150300.4.38.7
spacewalk-base: before 4.2.34-150300.3.41.5
cobbler: before 3.1.2-150300.5.22.5
spacewalk-backend-config-files: before 4.2.27-150300.4.38.7
spacewalk-backend-config-files-tool: before 4.2.27-150300.4.38.7
spacewalk-backend-server: before 4.2.27-150300.4.38.7
spacewalk-html: before 4.2.34-150300.3.41.5
spacewalk-backend-config-files-common: before 4.2.27-150300.4.38.7
spacewalk-backend-applet: before 4.2.27-150300.4.38.7
supportutils-plugin-susemanager: before 4.2.6-150300.3.12.5
susemanager-docs_en: before 4.2-150300.12.42.5
spacewalk-backend-iss-export: before 4.2.27-150300.4.38.7
mgr-libmod: before 4.2.8-150300.3.9.6
spacewalk-backend-sql-postgresql: before 4.2.27-150300.4.38.7
spacewalk-search: before 4.2.10-150300.3.18.6
virtual-host-gatherer-Nutanix: before 1.0.25-150300.3.12.5
subscription-matcher: before 0.29-150300.6.15.5
susemanager-doc-indexes: before 4.2-150300.12.42.6
susemanager-docs_en-pdf: before 4.2-150300.12.42.5
susemanager-sls: before 4.2.32-150300.3.46.5
spacewalk-java: before 4.2.49-150300.3.63.3
spacewalk-backend-app: before 4.2.27-150300.4.38.7
spacewalk-java-lib: before 4.2.49-150300.3.63.3
spacewalk-backend-xmlrpc: before 4.2.27-150300.4.38.7
spacewalk-backend-package-push-server: before 4.2.27-150300.4.38.7
virtual-host-gatherer-VMware: before 1.0.25-150300.3.12.5
virtual-host-gatherer-libcloud: before 1.0.25-150300.3.12.5
guava: before 30.1.1-150300.4.3.4
python3-uyuni-common-libs: before 4.2.10-150300.3.17.6
spacewalk-backend: before 4.2.27-150300.4.38.7
spacewalk-proxy-broker: before 4.2.14-150300.3.27.6
python3-spacewalk-check: before 4.2.23-150300.4.33.7
spacewalk-proxy-common: before 4.2.14-150300.3.27.6
susemanager-build-keys-web: before 15.3.6-150300.3.9.5
spacewalk-proxy-package-manager: before 4.2.14-150300.3.27.6
spacewalk-base-minimal-config: before 4.2.34-150300.3.41.5
spacewalk-check: before 4.2.23-150300.4.33.7
spacewalk-proxy-redirect: before 4.2.14-150300.3.27.6
mgr-daemon: before 4.2.11-150300.2.12.5
spacecmd: before 4.2.22-150300.4.36.7
spacewalk-proxy-management: before 4.2.14-150300.3.27.6
spacewalk-client-tools: before 4.2.23-150300.4.33.7
susemanager-build-keys: before 15.3.6-150300.3.9.5
python3-spacewalk-client-setup: before 4.2.23-150300.4.33.7
spacewalk-base-minimal: before 4.2.34-150300.3.41.5
spacewalk-client-setup: before 4.2.23-150300.4.33.7
python3-spacewalk-client-tools: before 4.2.23-150300.4.33.7
spacewalk-proxy-salt: before 4.2.14-150300.3.27.6
CPE2.3http://www.suse.com/support/update/announcement/2023/suse-su-20231831-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.