Main Vulnerability Database SB202502195882

SB202502195882 - SUSE update for Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server

Published: February 19, 2025

Security Bulletin ID SB202502195882

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2024-22037)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the uyuni-server-attestation systemd service uses the database_password environment variable to store password. A local user can obtain the password via systemd.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-ru-20244008-1/

Vulnerable Software

SUSE Manager Server Extension: 5.0
SUSE Manager Retail Branch Server Extension: 5.0
SUSE Manager Proxy Extension: 5.0
SUSE Linux Enterprise Micro: 5.5
mgradm-lang: before 0.1.26-150500.3.12.2
mgrctl-zsh-completion: before 0.1.26-150500.3.12.2
mgradm-bash-completion: before 0.1.26-150500.3.12.2
mgradm-zsh-completion: before 0.1.26-150500.3.12.2
mgrctl-bash-completion: before 0.1.26-150500.3.12.2
mgrctl-lang: before 0.1.26-150500.3.12.2
mgrctl-debuginfo: before 0.1.26-150500.3.12.2
mgrctl: before 0.1.26-150500.3.12.2
uyuni-storage-setup-server: before 5.0.3-150500.12.6.4
mgradm: before 0.1.26-150500.3.12.2
mgradm-debuginfo: before 0.1.26-150500.3.12.2
mgrpxy-zsh-completion: before 0.1.26-150500.3.12.2
mgrpxy-bash-completion: before 0.1.26-150500.3.12.2
mgrpxy-lang: before 0.1.26-150500.3.12.2
uyuni-storage-setup-proxy: before 5.0.3-150500.12.6.4
mgrpxy-debuginfo: before 0.1.26-150500.3.12.2
mgrpxy: before 0.1.26-150500.3.12.2