CVE-2018-17957

LOW

SUSE Repository Mirroring Tool < 1.1.2 - Sensitive Information Exposure via Process Commandline

Title source: llm
STIX 2.1

Description

The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.

References (2)

Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1117602

Scores

CVSS v3 3.4
EPSS 0.0037
EPSS Percentile 29.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-214 CWE-287
Status published
Products (1)
suse/repository_mirroring_tool < 1.1.2
Published Dec 26, 2018
Tracked Since Feb 18, 2026