SB2024022767 - SUSE update for Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server
Published: February 27, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Incorrect default permissions (CVE-ID: CVE-2020-8908)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files located in the temporary directory set by the Guava com.google.common.io.Files.createTempDir(). A local user with access to the system can view contents of files and directories or modify them.
2) Improper authorization (CVE-ID: CVE-2022-0860)
The vulnerability allows a remote user to bypass authorization process.
The vulnerability exists due to incorrect processing of expired accounts when using PAM. A remote user with an expired account can still access the application.
3) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-22644)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.
Remediation
Install update from vendor's website.