CVE-2017-9271

The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:opensuse:zypper:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

History

07 Nov 2023, 02:50

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/', 'name': 'FEDORA-2021-ebc1c35c5d', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/ -
References (CONFIRM) https://www.suse.com/de-de/security/cve/CVE-2017-9271/ - Vendor Advisory () https://www.suse.com/de-de/security/cve/CVE-2017-9271/ -
References (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1050625 - Issue Tracking, Vendor Advisory () https://bugzilla.suse.com/show_bug.cgi?id=1050625 -

Information

Published : 2018-03-01 20:29

Updated : 2024-02-28 16:25


NVD link : CVE-2017-9271

Mitre link : CVE-2017-9271

CVE.ORG link : CVE-2017-9271


JSON object : View

Products Affected

opensuse

  • zypper

fedoraproject

  • fedora
CWE
CWE-532

Insertion of Sensitive Information into Log File