CVE-2018-20105

Summary

A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.

Affected Software

VendorProductVersion RangeStatus
SUSESUSE Linux Enterprise Server 15yast2-rmt < 1.2.2affected
openSUSELeapyast2-rmt < 1.2.2affected

Weaknesses

  • CWE-532: CWE-532: Inclusion of Sensitive Information in Log Files

ADP Enrichment

CVE Program Container

Additional References

References