CVE-2018-20105 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-20105 Interim 1 23 2023-02-10T01:42:42Z current 2021-05-30T14:19:23Z 2023-02-10T01:42:42Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-20105 A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/update/announcement/2019/suse-su-20190629-1.html E-Mail link for SUSE-SU-2019:0629-1 https://lists.suse.com/pipermail/sle-security-updates/2020-March/006571.html E-Mail link for SUSE-SU-2020:0578-1 https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00000.html E-Mail link for openSUSE-SU-2019:1089-1 https://lists.opensuse.org/opensuse-updates/2020-02/msg00101.html E-Mail link for openSUSE-SU-2020:0253-1 https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.html E-Mail link for openSUSE-SU-2020:0320-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 openSUSE Leap 15.0 openSUSE Leap 15.1 openSUSE Tumbleweed yast2-rmt yast2-rmt-1.2.2-3.18.1 yast2-rmt-1.2.2-lp150.2.19.1 yast2-rmt-1.3.0-1.43 yast2-rmt-1.3.0-3.5.1 yast2-rmt-1.3.0-lp151.2.6.1 yast2-rmt-1.3.2-3.3.1 yast2-rmt-1.3.3-1.2 yast2-rmt-1.2.2-3.18.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 yast2-rmt-1.3.0-3.5.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 yast2-rmt-1.3.0-1.43 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 yast2-rmt-1.3.2-3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 yast2-rmt-1.3.2-3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 yast2-rmt-1.2.2-lp150.2.19.1 as a component of openSUSE Leap 15.0 yast2-rmt-1.3.0-lp151.2.6.1 as a component of openSUSE Leap 15.1 yast2-rmt-1.3.3-1.2 as a component of openSUSE Tumbleweed yast2-rmt as a component of SUSE Linux Enterprise Module for Server Applications 15 yast2-rmt as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2. CVE-2018-20105 SUSE Linux Enterprise Module for Server Applications 15:yast2-rmt-1.2.2-3.18.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:yast2-rmt-1.3.0-3.5.1 SUSE Linux Enterprise Module for Server Applications 15 SP2:yast2-rmt-1.3.0-1.43 SUSE Linux Enterprise Module for Server Applications 15 SP3:yast2-rmt-1.3.2-3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:yast2-rmt-1.3.2-3.3.1 openSUSE Leap 15.0:yast2-rmt-1.2.2-lp150.2.19.1 openSUSE Leap 15.1:yast2-rmt-1.3.0-lp151.2.6.1 openSUSE Tumbleweed:yast2-rmt-1.3.3-1.2 SUSE Linux Enterprise Module for Server Applications 15 SP2:yast2-rmt SUSE Linux Enterprise Module for Server Applications 15:yast2-rmt moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N