SUSE update for Security Beta update for SUSE Manager Client Tools
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2022-21698 CVE-2022-22934 CVE-2022-22936 CVE-2022-22941 |
| CWE-ID | CWE-20 CWE-310 CWE-294 CWE-732 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Manager Tools Operating systems & Components / Operating system suseRegisterInfo Operating systems & Components / Operating system package or component spacewalk-oscap Operating systems & Components / Operating system package or component spacewalk-koan Operating systems & Components / Operating system package or component spacewalk-client-tools Operating systems & Components / Operating system package or component spacewalk-client-setup Operating systems & Components / Operating system package or component spacewalk-check Operating systems & Components / Operating system package or component spacecmd Operating systems & Components / Operating system package or component python2-suseRegisterInfo Operating systems & Components / Operating system package or component python2-spacewalk-oscap Operating systems & Components / Operating system package or component python2-spacewalk-koan Operating systems & Components / Operating system package or component python2-spacewalk-client-tools Operating systems & Components / Operating system package or component python2-spacewalk-client-setup Operating systems & Components / Operating system package or component python2-spacewalk-check Operating systems & Components / Operating system package or component python2-rhnlib Operating systems & Components / Operating system package or component python2-mgr-virtualization-host Operating systems & Components / Operating system package or component python2-mgr-virtualization-common Operating systems & Components / Operating system package or component python2-mgr-push Operating systems & Components / Operating system package or component python2-mgr-osad Operating systems & Components / Operating system package or component python2-mgr-osa-common Operating systems & Components / Operating system package or component python2-mgr-cfg-management Operating systems & Components / Operating system package or component python2-mgr-cfg-client Operating systems & Components / Operating system package or component python2-mgr-cfg-actions Operating systems & Components / Operating system package or component python2-mgr-cfg Operating systems & Components / Operating system package or component mgr-virtualization-host Operating systems & Components / Operating system package or component mgr-push Operating systems & Components / Operating system package or component mgr-osad Operating systems & Components / Operating system package or component mgr-cfg-management Operating systems & Components / Operating system package or component mgr-cfg-client Operating systems & Components / Operating system package or component mgr-cfg-actions Operating systems & Components / Operating system package or component mgr-cfg Operating systems & Components / Operating system package or component salt-minion Operating systems & Components / Operating system package or component salt-doc Operating systems & Components / Operating system package or component salt Operating systems & Components / Operating system package or component python3-salt Operating systems & Components / Operating system package or component python2-uyuni-common-libs Operating systems & Components / Operating system package or component python2-salt Operating systems & Components / Operating system package or component golang-github-prometheus-promu Operating systems & Components / Operating system package or component golang-github-prometheus-prometheus Operating systems & Components / Operating system package or component golang-github-prometheus-node_exporter Operating systems & Components / Operating system package or component golang-github-prometheus-alertmanager Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU61599
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-21698
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within method label cardinality. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package Security Beta update for SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Tools: 12 BETA
suseRegisterInfo: before 4.3.3-28.21.1
spacewalk-oscap: before 4.3.5-22.18.1
spacewalk-koan: before 4.3.5-27.18.1
spacewalk-client-tools: before 4.3.9-55.45.1
spacewalk-client-setup: before 4.3.9-55.45.1
spacewalk-check: before 4.3.9-55.45.1
spacecmd: before 4.3.10-41.39.1
python2-suseRegisterInfo: before 4.3.3-28.21.1
python2-spacewalk-oscap: before 4.3.5-22.18.1
python2-spacewalk-koan: before 4.3.5-27.18.1
python2-spacewalk-client-tools: before 4.3.9-55.45.1
python2-spacewalk-client-setup: before 4.3.9-55.45.1
python2-spacewalk-check: before 4.3.9-55.45.1
python2-rhnlib: before 4.3.4-24.27.1
python2-mgr-virtualization-host: before 4.3.5-4.18.1
python2-mgr-virtualization-common: before 4.3.5-4.18.1
python2-mgr-push: before 4.3.4-4.18.1
python2-mgr-osad: before 4.3.6-4.27.1
python2-mgr-osa-common: before 4.3.6-4.27.1
python2-mgr-cfg-management: before 4.3.6-4.27.1
python2-mgr-cfg-client: before 4.3.6-4.27.1
python2-mgr-cfg-actions: before 4.3.6-4.27.1
python2-mgr-cfg: before 4.3.6-4.27.1
mgr-virtualization-host: before 4.3.5-4.18.1
mgr-push: before 4.3.4-4.18.1
mgr-osad: before 4.3.6-4.27.1
mgr-cfg-management: before 4.3.6-4.27.1
mgr-cfg-client: before 4.3.6-4.27.1
mgr-cfg-actions: before 4.3.6-4.27.1
mgr-cfg: before 4.3.6-4.27.1
salt-minion: before 3000-53.11.1
salt-doc: before 3000-53.11.1
salt: before 3000-53.11.1
python3-salt: before 3000-53.11.1
python2-uyuni-common-libs: before 4.3.4-3.30.1
python2-salt: before 3000-53.11.1
golang-github-prometheus-promu: before 0.13.0-4.9.1
golang-github-prometheus-prometheus: before 2.32.1-4.30.1
golang-github-prometheus-node_exporter: before 1.3.0-4.12.1
golang-github-prometheus-alertmanager: before 0.23.0-4.9.1
CPE2.3- cpe:2.3:o:suse:suse_manager_tools:12:BETA:*:*:*:*:*:*
- cpe:2.3:a:suse:suseregisterinfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-oscap:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-koan:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-client-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-client-setup:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-check:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacecmd:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-suseregisterinfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-oscap:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-koan:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-client-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-client-setup:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-check:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-rhnlib:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-virtualization-host:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-virtualization-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-push:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-osad:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-osa-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg-management:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg-client:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg-actions:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-virtualization-host:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-push:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-osad:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg-management:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg-client:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg-actions:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt-minion:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt-doc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-salt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-uyuni-common-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-salt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-promu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-prometheus:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-node_exporter:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-alertmanager:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20221531-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cryptographic issues
EUVDB-ID: #VU82800
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-22934
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to Salt Masters do not sign pillar data with the minion’s public key. A remote attacker can manipulate arbitrary pillar data.
MitigationUpdate the affected package Security Beta update for SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Tools: 12 BETA
suseRegisterInfo: before 4.3.3-28.21.1
spacewalk-oscap: before 4.3.5-22.18.1
spacewalk-koan: before 4.3.5-27.18.1
spacewalk-client-tools: before 4.3.9-55.45.1
spacewalk-client-setup: before 4.3.9-55.45.1
spacewalk-check: before 4.3.9-55.45.1
spacecmd: before 4.3.10-41.39.1
python2-suseRegisterInfo: before 4.3.3-28.21.1
python2-spacewalk-oscap: before 4.3.5-22.18.1
python2-spacewalk-koan: before 4.3.5-27.18.1
python2-spacewalk-client-tools: before 4.3.9-55.45.1
python2-spacewalk-client-setup: before 4.3.9-55.45.1
python2-spacewalk-check: before 4.3.9-55.45.1
python2-rhnlib: before 4.3.4-24.27.1
python2-mgr-virtualization-host: before 4.3.5-4.18.1
python2-mgr-virtualization-common: before 4.3.5-4.18.1
python2-mgr-push: before 4.3.4-4.18.1
python2-mgr-osad: before 4.3.6-4.27.1
python2-mgr-osa-common: before 4.3.6-4.27.1
python2-mgr-cfg-management: before 4.3.6-4.27.1
python2-mgr-cfg-client: before 4.3.6-4.27.1
python2-mgr-cfg-actions: before 4.3.6-4.27.1
python2-mgr-cfg: before 4.3.6-4.27.1
mgr-virtualization-host: before 4.3.5-4.18.1
mgr-push: before 4.3.4-4.18.1
mgr-osad: before 4.3.6-4.27.1
mgr-cfg-management: before 4.3.6-4.27.1
mgr-cfg-client: before 4.3.6-4.27.1
mgr-cfg-actions: before 4.3.6-4.27.1
mgr-cfg: before 4.3.6-4.27.1
salt-minion: before 3000-53.11.1
salt-doc: before 3000-53.11.1
salt: before 3000-53.11.1
python3-salt: before 3000-53.11.1
python2-uyuni-common-libs: before 4.3.4-3.30.1
python2-salt: before 3000-53.11.1
golang-github-prometheus-promu: before 0.13.0-4.9.1
golang-github-prometheus-prometheus: before 2.32.1-4.30.1
golang-github-prometheus-node_exporter: before 1.3.0-4.12.1
golang-github-prometheus-alertmanager: before 0.23.0-4.9.1
CPE2.3- cpe:2.3:o:suse:suse_manager_tools:12:BETA:*:*:*:*:*:*
- cpe:2.3:a:suse:suseregisterinfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-oscap:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-koan:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-client-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-client-setup:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-check:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacecmd:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-suseregisterinfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-oscap:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-koan:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-client-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-client-setup:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-check:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-rhnlib:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-virtualization-host:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-virtualization-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-push:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-osad:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-osa-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg-management:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg-client:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg-actions:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-virtualization-host:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-push:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-osad:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg-management:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg-client:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg-actions:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt-minion:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt-doc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-salt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-uyuni-common-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-salt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-promu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-prometheus:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-node_exporter:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-alertmanager:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20221531-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Authentication Bypass by Capture-replay
EUVDB-ID: #VU82815
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-22936
CWE-ID:
CWE-294 - Authentication Bypass by Capture-replay
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper authentication in jobs. A remote attacker can perform a replay attack and force minions to run old jobs.
Update the affected package Security Beta update for SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Tools: 12 BETA
suseRegisterInfo: before 4.3.3-28.21.1
spacewalk-oscap: before 4.3.5-22.18.1
spacewalk-koan: before 4.3.5-27.18.1
spacewalk-client-tools: before 4.3.9-55.45.1
spacewalk-client-setup: before 4.3.9-55.45.1
spacewalk-check: before 4.3.9-55.45.1
spacecmd: before 4.3.10-41.39.1
python2-suseRegisterInfo: before 4.3.3-28.21.1
python2-spacewalk-oscap: before 4.3.5-22.18.1
python2-spacewalk-koan: before 4.3.5-27.18.1
python2-spacewalk-client-tools: before 4.3.9-55.45.1
python2-spacewalk-client-setup: before 4.3.9-55.45.1
python2-spacewalk-check: before 4.3.9-55.45.1
python2-rhnlib: before 4.3.4-24.27.1
python2-mgr-virtualization-host: before 4.3.5-4.18.1
python2-mgr-virtualization-common: before 4.3.5-4.18.1
python2-mgr-push: before 4.3.4-4.18.1
python2-mgr-osad: before 4.3.6-4.27.1
python2-mgr-osa-common: before 4.3.6-4.27.1
python2-mgr-cfg-management: before 4.3.6-4.27.1
python2-mgr-cfg-client: before 4.3.6-4.27.1
python2-mgr-cfg-actions: before 4.3.6-4.27.1
python2-mgr-cfg: before 4.3.6-4.27.1
mgr-virtualization-host: before 4.3.5-4.18.1
mgr-push: before 4.3.4-4.18.1
mgr-osad: before 4.3.6-4.27.1
mgr-cfg-management: before 4.3.6-4.27.1
mgr-cfg-client: before 4.3.6-4.27.1
mgr-cfg-actions: before 4.3.6-4.27.1
mgr-cfg: before 4.3.6-4.27.1
salt-minion: before 3000-53.11.1
salt-doc: before 3000-53.11.1
salt: before 3000-53.11.1
python3-salt: before 3000-53.11.1
python2-uyuni-common-libs: before 4.3.4-3.30.1
python2-salt: before 3000-53.11.1
golang-github-prometheus-promu: before 0.13.0-4.9.1
golang-github-prometheus-prometheus: before 2.32.1-4.30.1
golang-github-prometheus-node_exporter: before 1.3.0-4.12.1
golang-github-prometheus-alertmanager: before 0.23.0-4.9.1
CPE2.3- cpe:2.3:o:suse:suse_manager_tools:12:BETA:*:*:*:*:*:*
- cpe:2.3:a:suse:suseregisterinfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-oscap:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-koan:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-client-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-client-setup:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-check:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacecmd:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-suseregisterinfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-oscap:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-koan:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-client-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-client-setup:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-check:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-rhnlib:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-virtualization-host:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-virtualization-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-push:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-osad:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-osa-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg-management:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg-client:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg-actions:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-virtualization-host:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-push:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-osad:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg-management:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg-client:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg-actions:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt-minion:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt-doc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-salt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-uyuni-common-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-salt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-promu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-prometheus:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-node_exporter:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-alertmanager:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20221531-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Incorrect permission assignment for critical resource
EUVDB-ID: #VU82817
Risk: Medium
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-22941
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise third-party minions.
The vulnerability exists due to improper permissions checks. A remote user can target any minion connected to the Syndic when configured as a Master-of-Masters, bypass publisher_acl and execute on any configured minion.
MitigationUpdate the affected package Security Beta update for SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Tools: 12 BETA
suseRegisterInfo: before 4.3.3-28.21.1
spacewalk-oscap: before 4.3.5-22.18.1
spacewalk-koan: before 4.3.5-27.18.1
spacewalk-client-tools: before 4.3.9-55.45.1
spacewalk-client-setup: before 4.3.9-55.45.1
spacewalk-check: before 4.3.9-55.45.1
spacecmd: before 4.3.10-41.39.1
python2-suseRegisterInfo: before 4.3.3-28.21.1
python2-spacewalk-oscap: before 4.3.5-22.18.1
python2-spacewalk-koan: before 4.3.5-27.18.1
python2-spacewalk-client-tools: before 4.3.9-55.45.1
python2-spacewalk-client-setup: before 4.3.9-55.45.1
python2-spacewalk-check: before 4.3.9-55.45.1
python2-rhnlib: before 4.3.4-24.27.1
python2-mgr-virtualization-host: before 4.3.5-4.18.1
python2-mgr-virtualization-common: before 4.3.5-4.18.1
python2-mgr-push: before 4.3.4-4.18.1
python2-mgr-osad: before 4.3.6-4.27.1
python2-mgr-osa-common: before 4.3.6-4.27.1
python2-mgr-cfg-management: before 4.3.6-4.27.1
python2-mgr-cfg-client: before 4.3.6-4.27.1
python2-mgr-cfg-actions: before 4.3.6-4.27.1
python2-mgr-cfg: before 4.3.6-4.27.1
mgr-virtualization-host: before 4.3.5-4.18.1
mgr-push: before 4.3.4-4.18.1
mgr-osad: before 4.3.6-4.27.1
mgr-cfg-management: before 4.3.6-4.27.1
mgr-cfg-client: before 4.3.6-4.27.1
mgr-cfg-actions: before 4.3.6-4.27.1
mgr-cfg: before 4.3.6-4.27.1
salt-minion: before 3000-53.11.1
salt-doc: before 3000-53.11.1
salt: before 3000-53.11.1
python3-salt: before 3000-53.11.1
python2-uyuni-common-libs: before 4.3.4-3.30.1
python2-salt: before 3000-53.11.1
golang-github-prometheus-promu: before 0.13.0-4.9.1
golang-github-prometheus-prometheus: before 2.32.1-4.30.1
golang-github-prometheus-node_exporter: before 1.3.0-4.12.1
golang-github-prometheus-alertmanager: before 0.23.0-4.9.1
CPE2.3- cpe:2.3:o:suse:suse_manager_tools:12:BETA:*:*:*:*:*:*
- cpe:2.3:a:suse:suseregisterinfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-oscap:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-koan:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-client-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-client-setup:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacewalk-check:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:spacecmd:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-suseregisterinfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-oscap:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-koan:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-client-tools:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-client-setup:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-spacewalk-check:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-rhnlib:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-virtualization-host:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-virtualization-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-push:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-osad:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-osa-common:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg-management:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg-client:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg-actions:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-mgr-cfg:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-virtualization-host:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-push:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-osad:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg-management:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg-client:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg-actions:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mgr-cfg:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt-minion:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt-doc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:salt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python3-salt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-uyuni-common-libs:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:python2-salt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-promu:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-prometheus:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-node_exporter:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:golang-github-prometheus-alertmanager:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-20221531-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
