- Description
- libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
- Source
- security@opentext.com
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 5.1
- Impact score
- 3.6
- Exploitability score
- 1.4
- Vector string
- CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 1.2
- Impact score
- 2.9
- Exploitability score
- 1.9
- Vector string
- AV:L/AC:H/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
- Comment
- <a href="http://cwe.mitre.org/data/definitions/313.html">CWE-313: Cleartext Storage in a File or on Disk</a>
- Impact
- -
- Solution
- -
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:libstorage:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29CF3C2C-E4D3-4C91-8CD4-E03637FA4BA5"
},
{
"criteria": "cpe:2.3:a:opensuse:libstorage-ng:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB00F0BC-813B-44CA-B651-ADF33AB72578"
},
{
"criteria": "cpe:2.3:a:yast:yast-storage:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0605BCFE-8372-49B3-9585-31371DE5DA2E"
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7"
}
],
"operator": "OR"
}
]
}
]