Main Vulnerability Database Vulnerabilities #VU86618

Path traversal in Uyuni SUSE Manager - CVE-2023-32189

Published: February 20, 2024

Vulnerability identifier: #VU86618

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-32189

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Uyuni Project

Affected software:
Uyuni SUSE Manager

Detailed vulnerability description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error in SUSE Manager when processing directory traversal sequences in the private SSH key file name when creating a new user. A remote user can pass a specially crafted filename to the application and overwrite arbitrary files on the system.

How to mitigate CVE-2023-32189

Install update from vendor's website.

Sources

https://bugzilla.suse.com/show_bug.cgi?id=1170848

Path traversal in Uyuni SUSE Manager - CVE-2023-32189

Detailed vulnerability description

How to mitigate CVE-2023-32189

Sources

Please verify you're human