Uyuni server attestation service exposed database password
CVE-2024-22037

5.5MEDIUM

Key Information:

Vendor

Suse
Status
Suse Manager Server 5.0
Vendor
CVE Published:
28 November 2024

What is CVE-2024-22037?

The uyuni-server-attestation systemd service has a significant security flaw related to its database password configuration. Specifically, it relies on an environment variable that is not properly secured. The associated file has permissions set to 640, limiting access to privileged users. However, the environment variable is still visible to non-privileged users through the systemd service management, leading to potential credential exposure. Organizations utilizing the Uyuni Server are urged to review their security configurations to mitigate risks associated with this exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SUSE Manager Server 5.0 ? < 0.1.26-150500.3.12.2

SUSE Manager Server 5.0 ? < 0.1.26-150500.3.12.2

SUSE Manager Server 5.0 ? < 0.1.26-150500.3.12.2

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22037

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CĂ©dric Bosdonnat of SUSE
JSON
.