CVE-2017-9271

EUVD-2017-18207
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
microfocusCNA
4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
opensusezypper
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libzypp
bookworm
17.25.7-2.4
fixed
bullseye
17.25.7-1
fixed
buster
ignored
jessie
ignored
sid
17.35.12-1
fixed
trixie
17.35.12-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zypper
bionic
dne
focal
needs-triage
groovy
dne
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
needs-triage
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=1050625
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/
https://www.suse.com/de-de/security/cve/CVE-2017-9271/
https://bugzilla.suse.com/show_bug.cgi?id=1050625
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/
https://www.suse.com/de-de/security/cve/CVE-2017-9271/