CVE-2011-3177
HIGHYaST2 - Unprotected User Data Exposure via Network Configuration Files
Title source: llmDescription
The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/yast/yast-core/commit/7fe2e3df308b8b6a901cb2cfd60f398df53219de
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=713661
Scores
CVSS v3
7.8
EPSS
0.0031
EPSS Percentile
23.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
Status
published
Products (1)
yast/yast2
Published
Sep 08, 2017
Tracked Since
Feb 18, 2026