Invocation of Process Using Visible Sensitive Information

CVE-2018-17957

Low

3.4/10

Summary

The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-214 - Invocation of Process Using Visible Sensitive Information

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

References

Advisory Timeline

Published Dec 26, 2018

Invocation of Process Using Visible Sensitive Information

CVE-2018-17957

Summary

CWE-214 - Invocation of Process Using Visible Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS