CVE Vulnerabilities

CVE-2018-17957

Invocation of Process Using Visible Sensitive Information

Published: Dec 26, 2018 | Modified: Nov 21, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.

Weakness

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

Affected Software

Name Vendor Start Version End Version
Repository_mirroring_tool Suse * 1.1.2 (excluding)

References