An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.
References
| Link | Resource |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1204543 | Issue Tracking Third Party Advisory |
| https://bugzilla.suse.com/show_bug.cgi?id=1204543 | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:04
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://bugzilla.suse.com/show_bug.cgi?id=1204543 - Issue Tracking, Third Party Advisory |
Information
Published : 2022-11-10 15:15
Updated : 2024-11-21 07:04
NVD link : CVE-2022-31255
Mitre link : CVE-2022-31255
CVE.ORG link : CVE-2022-31255
JSON object : View
Products Affected
uyuni-project
- uyuni
suse
- manager_server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')