An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4.
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Manager_server | Suse | 4.2 (including) | 4.2.50-150300.3.66.5 (excluding) |
Manager_server | Suse | 4.3 (including) | 4.3.58-150400.3.46.4 (excluding) |
While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers. Different log files may be produced and stored for: