Search
Find a vulnerability
Search criteria
2 vulnerabilities found for zypper by SUSE
CVE-2017-9271 (GCVE-0-2017-9271)
Vulnerability from nvd – Published: 2018-03-01 19:00 – Updated: 2024-09-16 23:26
VLAI
Title
proxy credentials written to log files by zypper
Summary
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
Severity
4 (Medium)
CWE
- Proxy credentials are writting into logfiles
- CVE-532
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.suse.com/de-de/security/cve/CVE-2017-9271/ | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=1050625 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Date Public
2018-03-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.suse.com/de-de/security/cve/CVE-2017-9271/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1050625"
},
{
"name": "FEDORA-2021-ebc1c35c5d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zypper",
"vendor": "SUSE",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mario Biberhofer"
}
],
"datePublic": "2018-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Proxy credentials are writting into logfiles",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "CVE-532",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-13T03:06:06.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.suse.com/de-de/security/cve/CVE-2017-9271/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1050625"
},
{
"name": "FEDORA-2021-ebc1c35c5d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/"
}
],
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1050625"
],
"discovery": "EXTERNAL"
},
"title": "proxy credentials written to log files by zypper",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-03-01T00:00:00.000Z",
"ID": "CVE-2017-9271",
"STATE": "PUBLIC",
"TITLE": "proxy credentials written to log files by zypper"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zypper",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mario Biberhofer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Proxy credentials are writting into logfiles"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CVE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.suse.com/de-de/security/cve/CVE-2017-9271/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/de-de/security/cve/CVE-2017-9271/"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1050625",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1050625"
},
{
"name": "FEDORA-2021-ebc1c35c5d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1050625"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9271",
"datePublished": "2018-03-01T19:00:00.000Z",
"dateReserved": "2017-05-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:26:26.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9271 (GCVE-0-2017-9271)
Vulnerability from cvelistv5 – Published: 2018-03-01 19:00 – Updated: 2024-09-16 23:26
VLAI
Title
proxy credentials written to log files by zypper
Summary
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
Severity
4 (Medium)
CWE
- Proxy credentials are writting into logfiles
- CVE-532
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.suse.com/de-de/security/cve/CVE-2017-9271/ | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=1050625 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Date Public
2018-03-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.suse.com/de-de/security/cve/CVE-2017-9271/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1050625"
},
{
"name": "FEDORA-2021-ebc1c35c5d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zypper",
"vendor": "SUSE",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mario Biberhofer"
}
],
"datePublic": "2018-03-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Proxy credentials are writting into logfiles",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"description": "CVE-532",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-13T03:06:06.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.suse.com/de-de/security/cve/CVE-2017-9271/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1050625"
},
{
"name": "FEDORA-2021-ebc1c35c5d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/"
}
],
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1050625"
],
"discovery": "EXTERNAL"
},
"title": "proxy credentials written to log files by zypper",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-03-01T00:00:00.000Z",
"ID": "CVE-2017-9271",
"STATE": "PUBLIC",
"TITLE": "proxy credentials written to log files by zypper"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zypper",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mario Biberhofer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Proxy credentials are writting into logfiles"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CVE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.suse.com/de-de/security/cve/CVE-2017-9271/",
"refsource": "CONFIRM",
"url": "https://www.suse.com/de-de/security/cve/CVE-2017-9271/"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1050625",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1050625"
},
{
"name": "FEDORA-2021-ebc1c35c5d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1050625"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9271",
"datePublished": "2018-03-01T19:00:00.000Z",
"dateReserved": "2017-05-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:26:26.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}