CVE-2018-17957
LOWSUSE Repository Mirroring Tool < 1.1.2 - Sensitive Information Exposure via Process Commandline
Title source: llmDescription
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.
References (2)
Core 2
Core References
Mailing List x_refsource_confirm
https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00068.html
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1117602
Scores
CVSS v3
3.4
EPSS
0.0004
EPSS Percentile
13.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-214
CWE-287
Status
published
Products (1)
suse/repository_mirroring_tool
< 1.1.2
Published
Dec 26, 2018
Tracked Since
Feb 18, 2026