CVE-2011-3177

HIGH

YaST2 - Unprotected User Data Exposure via Network Configuration Files

Title source: llm
STIX 2.1

Description

The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.

References (2)

Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=713661

Scores

CVSS v3 7.8
EPSS 0.0031
EPSS Percentile 23.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (1)
yast/yast2
Published Sep 08, 2017
Tracked Since Feb 18, 2026