Plain text HTTP Proxy user and password in repolog accessible from the Multi Linux Manager UI

July 31, 2025 invoker category_cve

CVE Details

Basic Information

Title Plain text HTTP Proxy user and password in repolog accessible from the Multi Linux Manager UI
Type cve
Published 2025-07-31T15:24:41.890Z
Modified 2025-07-31T15:24:41.890Z

Product Information

Vendor SUSE
Product Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1
Version ?

CVSS Information

Base Score 6.9 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Products

  • SUSE Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 ?
  • SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS ?
  • SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure ?
  • SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 ?
  • SUSE Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE ?
  • SUSE SUSE Manager Server Module 4.3 ?

Additional Information

CWE List CWE-532
Source suse

Description

A Insertion of Sensitive Information into Log File vulnerability in SUSE Multi Linux Manager exposes the HTTP proxy credentials.Β This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.

πŸ’­ Join the Security Discussion

πŸ”’ Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.