CVE-2022-45154: supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh
First published: Wed Feb 15 2023(Updated: )
A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opensuse Supportutils | <=3.0.10-95.51.1 | |
| SUSE Linux Enterprise Server | =12 | |
| Opensuse Supportutils | <=3.1.21-150000.5.44.1 | |
| SUSE Linux Enterprise Server | =15 | |
| Opensuse Supportutils | <=3.1.21-150300.7.35.15.1 | |
| SUSE Linux Enterprise Server | =15-sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-45154?
CVE-2022-45154 is a Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3.
How does CVE-2022-45154 affect Opensuse Supportutils?
CVE-2022-45154 affects Opensuse Supportutils versions 3.0.10-95.51.1 and 3.1.21-150000.5.44.1.
How does CVE-2022-45154 affect SUSE Linux Enterprise Server 12?
CVE-2022-45154 does not affect SUSE Linux Enterprise Server 12.
How does CVE-2022-45154 affect SUSE Linux Enterprise Server 15?
CVE-2022-45154 does not affect SUSE Linux Enterprise Server 15.
How does CVE-2022-45154 affect SUSE Linux Enterprise Server 15 SP3?
CVE-2022-45154 does not affect SUSE Linux Enterprise Server 15 SP3.
What is the severity of CVE-2022-45154?
The severity of CVE-2022-45154 is medium with a CVSS score of 5.5.
How can I fix CVE-2022-45154?
To fix CVE-2022-45154, it is recommended to update to a non-vulnerable version of suppportutils.
Where can I find more information about CVE-2022-45154?
You can find more information about CVE-2022-45154 at the following link: https://bugzilla.suse.com/show_bug.cgi?id=1207598
What is the CWE of CVE-2022-45154?
The CWE of CVE-2022-45154 is CWE-312: Cleartext Storage of Sensitive Information.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/opensuse
- canonical/opensuse supportutils
- version/opensuse supportutils/3.0.10-95.51.1
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/12
- version/opensuse supportutils/3.1.21-150000.5.44.1
- version/suse linux enterprise server/15
- version/opensuse supportutils/3.1.21-150300.7.35.15.1
- version/suse linux enterprise server/15-sp3