Vulnerability Description
A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Autoyast2 | <= 4.1.9-3.9.1 |
| Suse | Linux Enterprise Server | 12 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00050.html
- https://bugzilla.suse.com/show_bug.cgi?id=1140711Issue TrackingVendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00050.html
- https://bugzilla.suse.com/show_bug.cgi?id=1140711Issue TrackingVendor Advisory
FAQ
What is CVE-2019-18905?
CVE-2019-18905 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when depreca...
How severe is CVE-2019-18905?
CVE-2019-18905 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-18905?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Autoyast2, Suse Linux Enterprise Server.