Main Vulnerability Database Vulnerabilities #VU86618

#VU86618 Path traversal in Uyuni SUSE Manager - CVE-2023-32189

Published: February 20, 2024

Vulnerability identifier: #VU86618

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-32189

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Uyuni SUSE Manager

Software vendor:
Uyuni Project

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error in SUSE Manager when processing directory traversal sequences in the private SSH key file name when creating a new user. A remote user can pass a specially crafted filename to the application and overwrite arbitrary files on the system.

Remediation

Install update from vendor's website.

External links

https://bugzilla.suse.com/show_bug.cgi?id=1170848