CVE-2019-3684

CWE-9223 documents3 sources

Severity

5.9MEDIUM

EPSS

0.2%

top 61.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Suse Manager Uyuni Uyuni Suse Manager

Timeline

PublishedMay 13

Latest updateMay 24

Description

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5suse/suse_managerunspecified — 4.0.7

▶NVDsuse/manager4.0.7

▶CVEListV5uyuni/uyuniunspecified — 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade

🔴Vulnerability Details

GHSA

GHSA-wmqv-rv2p-ffx8: SUSE Manager until version 4↗2022-05-24

▶

CVEList

susemanager installer creates world-readable swap files↗2019-05-13

▶