Lucene search

SuseCVELIST:CVE-2022-43753

HistoryNov 10, 2022 - 7:30 a.m.

CVE-2022-43753 SUMA/UYUNI arbitrary file disclosure vulnerability in ScapResultDownload

2022-11-1007:30:17

CWE-22

suse

www.cve.org

cve-2022-43753

suma

uyuni

arbitrary file disclosure

scapresultdownload

improper limitation

path traversal

suse linux enterprise

suse manager server 4.2

suse manager server 4.3

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

43.7%

JSON

A Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.

CNA Affected

[
  {
    "vendor": "SUSE",
    "product": "SUSE Linux Enterprise Module for SUSE Manager Server 4.2",
    "versions": [
      {
        "version": "hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls",
        "status": "affected",
        "lessThan": "4.2.28",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "SUSE",
    "product": "SUSE Linux Enterprise Module for SUSE Manager Server 4.3",
    "versions": [
      {
        "version": "spacewalk-java",
        "status": "affected",
        "lessThan": "4.3.39",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "SUSE",
    "product": "SUSE Manager Server 4.2",
    "versions": [
      {
        "version": "release-notes-susemanager",
        "status": "affected",
        "lessThan": "4.2.10",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.suse.com/show_bug.cgi?id=1204716

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

43.7%

JSON

Related for CVELIST:CVE-2022-43753