CVE-2017-9271

The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
opensusezypper
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libzypp
bookworm
17.25.7-2.4
fixed
bullseye
17.25.7-1
fixed
buster
ignored
jessie
ignored
sid
17.35.12-1
fixed
trixie
17.35.12-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zypper
bionic
dne
focal
needs-triage
groovy
dne
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libsigc++2-devel
suse enterprise server 15 SP1
2.10.0-3.7.1
fixed
libsigc-2_0-0
suse enterprise server 15 SP1
2.10.0-3.7.1
fixed
libsolv-devel
suse enterprise server 15
0.7.17-3.40.1
fixed
suse enterprise server 15 SP1
0.7.17-3.32.1
fixed
libsolv-tools
suse enterprise server 15
0.7.17-3.40.1
fixed
suse enterprise server 15 SP1
0.7.17-3.32.1
fixed
libyui-ncurses-pkg-devel
suse enterprise server 15 SP1
2.48.9-7.7.1
fixed
libyui-ncurses-pkg-doc
suse enterprise server 15 SP1
2.48.9-7.7.1
fixed
libyui-ncurses-pkg9
suse enterprise server 15 SP1
2.48.9-7.7.1
fixed
libyui-qt-pkg-devel
suse enterprise server 15 SP1
2.45.28-3.10.1
fixed
libyui-qt-pkg-doc
suse enterprise server 15 SP1
2.45.28-3.10.1
fixed
libyui-qt-pkg9
suse enterprise server 15 SP1
2.45.28-3.10.1
fixed
libzypp
suse enterprise desktop 15 SP2
17.25.5-3.25.6
fixed
suse enterprise desktop 15 SP3
17.25.5-3.25.6
fixed
suse enterprise desktop 15 SP4
17.30.0-150400.1.6
fixed
suse enterprise desktop 15 SP5
17.31.8-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
17.32.4-150600.1.2
fixed
suse enterprise desktop 15 SP7
17.36.3-150600.3.50.1
fixed
suse enterprise sap 12 SP5
16.22.13-65.3
fixed
suse enterprise sap 15 SP2
17.25.5-3.25.6
fixed
suse enterprise sap 15 SP3
17.25.5-3.25.6
fixed
suse enterprise sap 15 SP4
17.30.0-150400.1.6
fixed
suse enterprise sap 15 SP5
17.31.8-150400.3.14.1
fixed
suse enterprise sap 15 SP6
17.32.4-150600.1.2
fixed
suse enterprise sap 15 SP7
17.36.3-150600.3.50.1
fixed
suse enterprise server 12 SP3
16.22.13-65.3
fixed
suse enterprise server 12 SP5
16.22.13-65.3
fixed
suse enterprise server 15
17.25.8-3.66.1
fixed
suse enterprise server 15 SP1
17.25.8-3.48.1
fixed
suse enterprise server 15 SP2
17.25.5-3.25.6
fixed
suse enterprise server 15 SP3
17.25.5-3.25.6
fixed
suse enterprise server 15 SP4
17.30.0-150400.1.6
fixed
suse enterprise server 15 SP5
17.31.8-150400.3.14.1
fixed
suse enterprise server 15 SP6
17.32.4-150600.1.2
fixed
suse enterprise server 15 SP7
17.36.3-150600.3.50.1
fixed
libzypp-devel
suse enterprise desktop 15 SP2
17.25.5-3.25.6
fixed
suse enterprise desktop 15 SP3
17.25.5-3.25.6
fixed
suse enterprise desktop 15 SP4
17.30.0-150400.1.6
fixed
suse enterprise desktop 15 SP5
17.31.8-150400.3.14.1
fixed
suse enterprise desktop 15 SP6
17.32.4-150600.1.2
fixed
suse enterprise desktop 15 SP7
17.36.3-150600.3.50.1
fixed
suse enterprise sap 12 SP5
16.22.13-65.3
fixed
suse enterprise sap 15 SP2
17.25.5-3.25.6
fixed
suse enterprise sap 15 SP3
17.25.5-3.25.6
fixed
suse enterprise sap 15 SP4
17.30.0-150400.1.6
fixed
suse enterprise sap 15 SP5
17.31.8-150400.3.14.1
fixed
suse enterprise sap 15 SP6
17.32.4-150600.1.2
fixed
suse enterprise sap 15 SP7
17.36.3-150600.3.50.1
fixed
suse enterprise server 12 SP3
16.22.13-65.3
fixed
suse enterprise server 12 SP5
16.22.13-65.3
fixed
suse enterprise server 15
17.25.8-3.66.1
fixed
suse enterprise server 15 SP1
17.25.8-3.48.1
fixed
suse enterprise server 15 SP2
17.25.5-3.25.6
fixed
suse enterprise server 15 SP3
17.25.5-3.25.6
fixed
suse enterprise server 15 SP4
17.30.0-150400.1.6
fixed
suse enterprise server 15 SP5
17.31.8-150400.3.14.1
fixed
suse enterprise server 15 SP6
17.32.4-150600.1.2
fixed
suse enterprise server 15 SP7
17.36.3-150600.3.50.1
fixed
perl-solv
suse enterprise server 15
0.7.17-3.40.1
fixed
suse enterprise server 15 SP1
0.7.17-3.32.1
fixed
python-solv
suse enterprise server 15
0.7.17-3.40.1
fixed
python3-solv
suse enterprise server 15
0.7.17-3.40.1
fixed
suse enterprise server 15 SP1
0.7.17-3.32.1
fixed
ruby-solv
suse enterprise server 15
0.7.17-3.40.1
fixed
suse enterprise server 15 SP1
0.7.17-3.32.1
fixed
yast2-installation
suse enterprise desktop 15 SP2
4.2.48-3.16.1
fixed
suse enterprise sap 15 SP2
4.2.48-3.16.1
fixed
suse enterprise server 15
4.0.77-3.22.5
fixed
suse enterprise server 15 SP2
4.2.48-3.16.1
fixed
yast2-pkg-bindings
suse enterprise server 15 SP1
4.1.3-3.10.3
fixed
zypper
suse enterprise desktop 15 SP2
1.14.41-3.14.10
fixed
suse enterprise desktop 15 SP3
1.14.41-3.14.10
fixed
suse enterprise sap 12 SP5
1.13.66-21.61.3
fixed
suse enterprise sap 15 SP2
1.14.41-3.14.10
fixed
suse enterprise sap 15 SP3
1.14.41-3.14.10
fixed
suse enterprise server 12 SP3
1.13.66-21.61.3
fixed
suse enterprise server 12 SP5
1.13.66-21.61.3
fixed
suse enterprise server 15
1.14.43-3.49.1
fixed
suse enterprise server 15 SP1
1.14.43-3.34.1
fixed
suse enterprise server 15 SP2
1.14.41-3.14.10
fixed
suse enterprise server 15 SP3
1.14.41-3.14.10
fixed
zypper-log
suse enterprise desktop 15 SP2
1.14.41-3.14.10
fixed
suse enterprise desktop 15 SP3
1.14.41-3.14.10
fixed
suse enterprise sap 12 SP5
1.13.66-21.61.3
fixed
suse enterprise sap 15 SP2
1.14.41-3.14.10
fixed
suse enterprise sap 15 SP3
1.14.41-3.14.10
fixed
suse enterprise server 12 SP3
1.13.66-21.61.3
fixed
suse enterprise server 12 SP5
1.13.66-21.61.3
fixed
suse enterprise server 15
1.14.43-3.49.1
fixed
suse enterprise server 15 SP1
1.14.43-3.34.1
fixed
suse enterprise server 15 SP2
1.14.41-3.14.10
fixed
suse enterprise server 15 SP3
1.14.41-3.14.10
fixed
zypper-needs-restarting
suse enterprise desktop 15 SP2
1.14.41-3.14.10
fixed
suse enterprise desktop 15 SP3
1.14.41-3.14.10
fixed
suse enterprise sap 15 SP2
1.14.41-3.14.10
fixed
suse enterprise sap 15 SP3
1.14.41-3.14.10
fixed
suse enterprise server 15 SP1
1.14.43-3.34.1
fixed
suse enterprise server 15 SP2
1.14.41-3.14.10
fixed
suse enterprise server 15 SP3
1.14.41-3.14.10
fixed
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=1050625
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/
https://www.suse.com/de-de/security/cve/CVE-2017-9271/
https://bugzilla.suse.com/show_bug.cgi?id=1050625
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/
https://www.suse.com/de-de/security/cve/CVE-2017-9271/