Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 8 |
CVE-ID | CVE-2016-8647 CVE-2016-9587 CVE-2017-7466 CVE-2017-7550 CVE-2018-10874 CVE-2020-14365 CVE-2023-5764 CVE-2023-6152 CVE-2024-0690 |
CWE-ID | CWE-20 CWE-532 CWE-264 CWE-347 CWE-94 CWE-863 CWE-401 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #2 is available. |
Vulnerable software |
SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system SUSE Manager Client Tools Beta for SLE Micro Operating systems & Components / Operating system SUSE Manager Client Tools Beta for SLE Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system golang-github-prometheus-node_exporter Operating systems & Components / Operating system package or component grafana Operating systems & Components / Operating system package or component grafana-debuginfo Operating systems & Components / Operating system package or component mgrctl Operating systems & Components / Operating system package or component python3-spacewalk-client-setup Operating systems & Components / Operating system package or component spacewalk-check Operating systems & Components / Operating system package or component mgrctl-bash-completion Operating systems & Components / Operating system package or component POS_Image-JeOS7 Operating systems & Components / Operating system package or component spacewalk-client-tools Operating systems & Components / Operating system package or component dracut-saltboot Operating systems & Components / Operating system package or component spacewalk-client-setup Operating systems & Components / Operating system package or component POS_Image-Graphical7 Operating systems & Components / Operating system package or component python3-spacewalk-client-tools Operating systems & Components / Operating system package or component mgrctl-zsh-completion Operating systems & Components / Operating system package or component supportutils-plugin-susemanager-client Operating systems & Components / Operating system package or component spacecmd Operating systems & Components / Operating system package or component python3-spacewalk-check Operating systems & Components / Operating system package or component ansible-doc Operating systems & Components / Operating system package or component ansible Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
EUVDB-ID: #VU7411
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-8647
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to bypass security restrictions on the target system.
The weakness exists due to input validation error in Ansible's mysql_user module that may lead to incorrect password changing. An adjacent attacker can use the previous password and bypass security restrictions.
Successful exploitation of the vulnerability may result in access to the system.
Update the affected package Security Beta update for SUSE Manager Client Tools and Salt to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 15: SP1 - SP6
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP6
SUSE Linux Enterprise Server 15: SP1 - SP6
SUSE Linux Enterprise Desktop 15: SP1 - SP6
SUSE Manager Client Tools Beta for SLE Micro: 5
SUSE Manager Client Tools Beta for SLE: 15
SUSE Linux Enterprise Micro: 5.0 - 5.5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications: 15
golang-github-prometheus-node_exporter: before 1.5.0-159000.6.2.1
grafana: before 9.5.16-159000.4.30.2
grafana-debuginfo: before 9.5.16-159000.4.30.2
mgrctl: before 0.1.7-159000.3.8.1
python3-spacewalk-client-setup: before 5.0.4-159000.6.54.2
spacewalk-check: before 5.0.4-159000.6.54.2
mgrctl-bash-completion: before 0.1.7-159000.3.8.1
POS_Image-JeOS7: before 0.1.1710765237.46af599-159000.3.24.2
spacewalk-client-tools: before 5.0.4-159000.6.54.2
dracut-saltboot: before 0.1.1710765237.46af599-159000.3.33.2
spacewalk-client-setup: before 5.0.4-159000.6.54.2
POS_Image-Graphical7: before 0.1.1710765237.46af599-159000.3.24.2
python3-spacewalk-client-tools: before 5.0.4-159000.6.54.2
mgrctl-zsh-completion: before 0.1.7-159000.3.8.1
supportutils-plugin-susemanager-client: before 5.0.3-159000.6.21.2
spacecmd: before 5.0.5-159000.6.48.2
python3-spacewalk-check: before 5.0.4-159000.6.54.2
ansible-doc: before 2.9.27-159000.3.12.2
ansible: before 2.9.27-159000.3.12.2
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6639
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2016-9587,CVE-2017-7466
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing responses, send by clients to Ansible server. A remote client can send a specially crafted response and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package Security Beta update for SUSE Manager Client Tools and Salt to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 15: SP1 - SP6
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP6
SUSE Linux Enterprise Server 15: SP1 - SP6
SUSE Linux Enterprise Desktop 15: SP1 - SP6
SUSE Manager Client Tools Beta for SLE Micro: 5
SUSE Manager Client Tools Beta for SLE: 15
SUSE Linux Enterprise Micro: 5.0 - 5.5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications: 15
golang-github-prometheus-node_exporter: before 1.5.0-159000.6.2.1
grafana: before 9.5.16-159000.4.30.2
grafana-debuginfo: before 9.5.16-159000.4.30.2
mgrctl: before 0.1.7-159000.3.8.1
python3-spacewalk-client-setup: before 5.0.4-159000.6.54.2
spacewalk-check: before 5.0.4-159000.6.54.2
mgrctl-bash-completion: before 0.1.7-159000.3.8.1
POS_Image-JeOS7: before 0.1.1710765237.46af599-159000.3.24.2
spacewalk-client-tools: before 5.0.4-159000.6.54.2
dracut-saltboot: before 0.1.1710765237.46af599-159000.3.33.2
spacewalk-client-setup: before 5.0.4-159000.6.54.2
POS_Image-Graphical7: before 0.1.1710765237.46af599-159000.3.24.2
python3-spacewalk-client-tools: before 5.0.4-159000.6.54.2
mgrctl-zsh-completion: before 0.1.7-159000.3.8.1
supportutils-plugin-susemanager-client: before 5.0.3-159000.6.21.2
spacecmd: before 5.0.5-159000.6.48.2
python3-spacewalk-check: before 5.0.4-159000.6.54.2
ansible-doc: before 2.9.27-159000.3.12.2
ansible: before 2.9.27-159000.3.12.2
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU12555
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-7550
CWE-ID:
CWE-532 - Information Exposure Through Log Files
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to improper passing of certain parameters to the jenkins_plugin module. A remote attacker can gain access to potentially sensitive sensitive information from a remote host's logs.
MitigationUpdate the affected package Security Beta update for SUSE Manager Client Tools and Salt to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 15: SP1 - SP6
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP6
SUSE Linux Enterprise Server 15: SP1 - SP6
SUSE Linux Enterprise Desktop 15: SP1 - SP6
SUSE Manager Client Tools Beta for SLE Micro: 5
SUSE Manager Client Tools Beta for SLE: 15
SUSE Linux Enterprise Micro: 5.0 - 5.5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications: 15
golang-github-prometheus-node_exporter: before 1.5.0-159000.6.2.1
grafana: before 9.5.16-159000.4.30.2
grafana-debuginfo: before 9.5.16-159000.4.30.2
mgrctl: before 0.1.7-159000.3.8.1
python3-spacewalk-client-setup: before 5.0.4-159000.6.54.2
spacewalk-check: before 5.0.4-159000.6.54.2
mgrctl-bash-completion: before 0.1.7-159000.3.8.1
POS_Image-JeOS7: before 0.1.1710765237.46af599-159000.3.24.2
spacewalk-client-tools: before 5.0.4-159000.6.54.2
dracut-saltboot: before 0.1.1710765237.46af599-159000.3.33.2
spacewalk-client-setup: before 5.0.4-159000.6.54.2
POS_Image-Graphical7: before 0.1.1710765237.46af599-159000.3.24.2
python3-spacewalk-client-tools: before 5.0.4-159000.6.54.2
mgrctl-zsh-completion: before 0.1.7-159000.3.8.1
supportutils-plugin-susemanager-client: before 5.0.3-159000.6.21.2
spacecmd: before 5.0.5-159000.6.48.2
python3-spacewalk-check: before 5.0.4-159000.6.54.2
ansible-doc: before 2.9.27-159000.3.12.2
ansible: before 2.9.27-159000.3.12.2
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU14157
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2018-10874
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to the system reads the 'ansible.cfg' file from the current working directory when running an ad-hoc command. A local attacker can modify the file to reference arbitrary plugin or module paths and execute arbitrary code from those paths with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package Security Beta update for SUSE Manager Client Tools and Salt to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 15: SP1 - SP6
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP6
SUSE Linux Enterprise Server 15: SP1 - SP6
SUSE Linux Enterprise Desktop 15: SP1 - SP6
SUSE Manager Client Tools Beta for SLE Micro: 5
SUSE Manager Client Tools Beta for SLE: 15
SUSE Linux Enterprise Micro: 5.0 - 5.5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications: 15
golang-github-prometheus-node_exporter: before 1.5.0-159000.6.2.1
grafana: before 9.5.16-159000.4.30.2
grafana-debuginfo: before 9.5.16-159000.4.30.2
mgrctl: before 0.1.7-159000.3.8.1
python3-spacewalk-client-setup: before 5.0.4-159000.6.54.2
spacewalk-check: before 5.0.4-159000.6.54.2
mgrctl-bash-completion: before 0.1.7-159000.3.8.1
POS_Image-JeOS7: before 0.1.1710765237.46af599-159000.3.24.2
spacewalk-client-tools: before 5.0.4-159000.6.54.2
dracut-saltboot: before 0.1.1710765237.46af599-159000.3.33.2
spacewalk-client-setup: before 5.0.4-159000.6.54.2
POS_Image-Graphical7: before 0.1.1710765237.46af599-159000.3.24.2
python3-spacewalk-client-tools: before 5.0.4-159000.6.54.2
mgrctl-zsh-completion: before 0.1.7-159000.3.8.1
supportutils-plugin-susemanager-client: before 5.0.3-159000.6.21.2
spacecmd: before 5.0.5-159000.6.48.2
python3-spacewalk-check: before 5.0.4-159000.6.54.2
ansible-doc: before 2.9.27-159000.3.12.2
ansible: before 2.9.27-159000.3.12.2
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU47274
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-14365
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to #BASIC_IMPACT#.
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.
MitigationUpdate the affected package Security Beta update for SUSE Manager Client Tools and Salt to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 15: SP1 - SP6
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP6
SUSE Linux Enterprise Server 15: SP1 - SP6
SUSE Linux Enterprise Desktop 15: SP1 - SP6
SUSE Manager Client Tools Beta for SLE Micro: 5
SUSE Manager Client Tools Beta for SLE: 15
SUSE Linux Enterprise Micro: 5.0 - 5.5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications: 15
golang-github-prometheus-node_exporter: before 1.5.0-159000.6.2.1
grafana: before 9.5.16-159000.4.30.2
grafana-debuginfo: before 9.5.16-159000.4.30.2
mgrctl: before 0.1.7-159000.3.8.1
python3-spacewalk-client-setup: before 5.0.4-159000.6.54.2
spacewalk-check: before 5.0.4-159000.6.54.2
mgrctl-bash-completion: before 0.1.7-159000.3.8.1
POS_Image-JeOS7: before 0.1.1710765237.46af599-159000.3.24.2
spacewalk-client-tools: before 5.0.4-159000.6.54.2
dracut-saltboot: before 0.1.1710765237.46af599-159000.3.33.2
spacewalk-client-setup: before 5.0.4-159000.6.54.2
POS_Image-Graphical7: before 0.1.1710765237.46af599-159000.3.24.2
python3-spacewalk-client-tools: before 5.0.4-159000.6.54.2
mgrctl-zsh-completion: before 0.1.7-159000.3.8.1
supportutils-plugin-susemanager-client: before 5.0.3-159000.6.21.2
spacecmd: before 5.0.5-159000.6.48.2
python3-spacewalk-check: before 5.0.4-159000.6.54.2
ansible-doc: before 2.9.27-159000.3.12.2
ansible: before 2.9.27-159000.3.12.2
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84381
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-5764
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when handling templates. A remote user can remove the unsafe designation from template data and execute arbitrary code on the system.
Update the affected package Security Beta update for SUSE Manager Client Tools and Salt to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 15: SP1 - SP6
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP6
SUSE Linux Enterprise Server 15: SP1 - SP6
SUSE Linux Enterprise Desktop 15: SP1 - SP6
SUSE Manager Client Tools Beta for SLE Micro: 5
SUSE Manager Client Tools Beta for SLE: 15
SUSE Linux Enterprise Micro: 5.0 - 5.5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications: 15
golang-github-prometheus-node_exporter: before 1.5.0-159000.6.2.1
grafana: before 9.5.16-159000.4.30.2
grafana-debuginfo: before 9.5.16-159000.4.30.2
mgrctl: before 0.1.7-159000.3.8.1
python3-spacewalk-client-setup: before 5.0.4-159000.6.54.2
spacewalk-check: before 5.0.4-159000.6.54.2
mgrctl-bash-completion: before 0.1.7-159000.3.8.1
POS_Image-JeOS7: before 0.1.1710765237.46af599-159000.3.24.2
spacewalk-client-tools: before 5.0.4-159000.6.54.2
dracut-saltboot: before 0.1.1710765237.46af599-159000.3.33.2
spacewalk-client-setup: before 5.0.4-159000.6.54.2
POS_Image-Graphical7: before 0.1.1710765237.46af599-159000.3.24.2
python3-spacewalk-client-tools: before 5.0.4-159000.6.54.2
mgrctl-zsh-completion: before 0.1.7-159000.3.8.1
supportutils-plugin-susemanager-client: before 5.0.3-159000.6.21.2
spacecmd: before 5.0.5-159000.6.48.2
python3-spacewalk-check: before 5.0.4-159000.6.54.2
ansible-doc: before 2.9.27-159000.3.12.2
ansible: before 2.9.27-159000.3.12.2
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89210
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6152
CWE-ID:
CWE-863 - Incorrect Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass email verification.
The vulnerability exists due to email addresses are verified only during sign up, if "verify_email_enabled" option is set. A remote attacker can register an account and then set an arbitrary email address without verification.
Update the affected package Security Beta update for SUSE Manager Client Tools and Salt to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 15: SP1 - SP6
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP6
SUSE Linux Enterprise Server 15: SP1 - SP6
SUSE Linux Enterprise Desktop 15: SP1 - SP6
SUSE Manager Client Tools Beta for SLE Micro: 5
SUSE Manager Client Tools Beta for SLE: 15
SUSE Linux Enterprise Micro: 5.0 - 5.5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications: 15
golang-github-prometheus-node_exporter: before 1.5.0-159000.6.2.1
grafana: before 9.5.16-159000.4.30.2
grafana-debuginfo: before 9.5.16-159000.4.30.2
mgrctl: before 0.1.7-159000.3.8.1
python3-spacewalk-client-setup: before 5.0.4-159000.6.54.2
spacewalk-check: before 5.0.4-159000.6.54.2
mgrctl-bash-completion: before 0.1.7-159000.3.8.1
POS_Image-JeOS7: before 0.1.1710765237.46af599-159000.3.24.2
spacewalk-client-tools: before 5.0.4-159000.6.54.2
dracut-saltboot: before 0.1.1710765237.46af599-159000.3.33.2
spacewalk-client-setup: before 5.0.4-159000.6.54.2
POS_Image-Graphical7: before 0.1.1710765237.46af599-159000.3.24.2
python3-spacewalk-client-tools: before 5.0.4-159000.6.54.2
mgrctl-zsh-completion: before 0.1.7-159000.3.8.1
supportutils-plugin-susemanager-client: before 5.0.3-159000.6.21.2
spacecmd: before 5.0.5-159000.6.48.2
python3-spacewalk-check: before 5.0.4-159000.6.54.2
ansible-doc: before 2.9.27-159000.3.12.2
ansible: before 2.9.27-159000.3.12.2
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85621
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0690
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak caused by a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. A local user can gain access to potentially sensitive information.
Update the affected package Security Beta update for SUSE Manager Client Tools and Salt to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 15: SP1 - SP6
openSUSE Leap: 15.3 - 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP6
SUSE Linux Enterprise Server 15: SP1 - SP6
SUSE Linux Enterprise Desktop 15: SP1 - SP6
SUSE Manager Client Tools Beta for SLE Micro: 5
SUSE Manager Client Tools Beta for SLE: 15
SUSE Linux Enterprise Micro: 5.0 - 5.5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications: 15
golang-github-prometheus-node_exporter: before 1.5.0-159000.6.2.1
grafana: before 9.5.16-159000.4.30.2
grafana-debuginfo: before 9.5.16-159000.4.30.2
mgrctl: before 0.1.7-159000.3.8.1
python3-spacewalk-client-setup: before 5.0.4-159000.6.54.2
spacewalk-check: before 5.0.4-159000.6.54.2
mgrctl-bash-completion: before 0.1.7-159000.3.8.1
POS_Image-JeOS7: before 0.1.1710765237.46af599-159000.3.24.2
spacewalk-client-tools: before 5.0.4-159000.6.54.2
dracut-saltboot: before 0.1.1710765237.46af599-159000.3.33.2
spacewalk-client-setup: before 5.0.4-159000.6.54.2
POS_Image-Graphical7: before 0.1.1710765237.46af599-159000.3.24.2
python3-spacewalk-client-tools: before 5.0.4-159000.6.54.2
mgrctl-zsh-completion: before 0.1.7-159000.3.8.1
supportutils-plugin-susemanager-client: before 5.0.3-159000.6.21.2
spacecmd: before 5.0.5-159000.6.48.2
python3-spacewalk-check: before 5.0.4-159000.6.54.2
ansible-doc: before 2.9.27-159000.3.12.2
ansible: before 2.9.27-159000.3.12.2
CPE2.3http://www.suse.com/support/update/announcement/2024/suse-su-20241427-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.