Upstream information
Description
An Insertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4.
SUSE information
Overall state of this security issue: Resolved
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
National Vulnerability Database | |
---|---|
Base Score | 3.8 |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Changed |
Confidentiality Impact | Low |
Integrity Impact | None |
Availability Impact | None |
CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- SUSE-CU-2023:1100-1, published Fri Apr 14 07:05:21 UTC 2023
- SUSE-CU-2023:1101-1, published Fri Apr 14 07:05:54 UTC 2023
- SUSE-CU-2023:2047-1, published Wed Jun 21 15:35:50 UTC 2023
- SUSE-CU-2023:4169-1, published Thu Dec 14 08:13:24 UTC 2023
- SUSE-RU-2023:2566-1, published Tue Feb 27 11:26:20 UTC 2024
- SUSE-RU-2023:2592-1, published Tue Feb 27 11:33:17 UTC 2024
- SUSE-RU-2023:2595-1, published Tue Feb 27 11:38:13 UTC 2024
- SUSE-SU-2023:1831-1, published Tue Feb 27 11:10:15 UTC 2024
- SUSE-SU-2023:2594-1, published
- SUSE-SU-2023:4737-1, published Thu Dec 14 12:31:10 UTC 2023
- SUSE-SU-2023:4758-1, published Wed Dec 13 12:33:17 UTC 2023
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
Container suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.2 |
| |
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE |
| |
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE |
| |
Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE |
| |
Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE |
| |
Image SLES15-SP4-Manager-Server-4-3 Image SLES15-SP4-Manager-Server-4-3-Azure-llc Image SLES15-SP4-Manager-Server-4-3-Azure-ltd Image SLES15-SP4-Manager-Server-4-3-EC2-llc Image SLES15-SP4-Manager-Server-4-3-EC2-ltd |
| |
SUSE Manager Server 4.2 |
| Patchnames: SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2594 |
SUSE Manager Server 4.3 |
| Patchnames: SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-2592 SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-4758 |
SUSE Manager Server Module 4.2 |
| Patchnames: SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-1831 SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-2595 |
SUSE Manager Server Module 4.3 |
| Patchnames: SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-2566 SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4737 |
First public cloud image revisions this CVE is fixed in:
- amazon/suse-manager-server-4-2-byos-v20230922-hvm-ssd-x86_64
- amazon/suse-manager-server-4-3-byos-v20230922-hvm-ssd-x86_64
- amazon/suse-manager-server-4-3-byos-v20231214-hvm-ssd-x86_64
- amazon/suse-manager-server-4-3-v20240301-hvm-ssd-x86_64-llc
- amazon/suse-manager-server-4-3-v20240301-hvm-ssd-x86_64-ltd
- google/suse-manager-server-4-2-byos-v20230922-x86-64
- google/suse-manager-server-4-3-byos-v20230922-x86-64
- google/suse-manager-server-4-3-byos-v20231214-x86-64
- microsoft/suse-manager-server-4-2-byos-v20230922-x86_64
- microsoft/suse-manager-server-4-3-byos-v20230922-x86_64
- microsoft/suse-manager-server-4-3-v20240228-x86_64-llc
- microsoft/suse-manager-server-4-3-v20240319-x86_64-ltd
SUSE Timeline for this CVE
- CVE page created: Mon Jan 16 17:45:33 2023
- CVE page last modified: Sat Aug 24 19:04:12 2024