cvelistv5 - CVE-2020-8028

CVE-2020-8028 (GCVE-0-2020-8028)

Vulnerability from cvelistv5 – Published: 2020-09-17 08:45 – Updated: 2024-09-17 03:54

Summary

A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.

Severity ?

9.3 (Critical)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-284 - Improper Access Control

Assigner

suse

References

URL

GHSA-PMMP-F225-R347

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-8028"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-17T10:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.",
  "id": "GHSA-pmmp-f225-r347",
  "modified": "2022-05-24T17:29:12Z",
  "published": "2022-05-24T17:29:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8028"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1175884"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-8028

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-8028

Aliases

CVE-2020-8028

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-8028",
    "description": "A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.",
    "id": "GSD-2020-8028",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-8028.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-8028"
      ],
      "details": "A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.",
      "id": "GSD-2020-8028",
      "modified": "2023-12-13T01:21:54.200129Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@suse.com",
        "DATE_PUBLIC": "2020-09-16T00:00:00.000Z",
        "ID": "CVE-2020-8028",
        "STATE": "PUBLIC",
        "TITLE": "salt-api is accessible to every user on SUSE Manager Server"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SUSE Linux Enterprise Module for SUSE Manager Server 4.1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "salt-netapi-client",
                          "version_value": "0.17.0-3.3.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SUSE Manager Server 3.2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "salt-netapi-client",
                          "version_value": "0.16.0-4.14.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SUSE Manager Server 4.0",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "salt-netapi-client",
                          "version_value": "0.17.0-4.6.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SUSE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284: Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.suse.com/show_bug.cgi?id=1175884",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1175884"
          }
        ]
      },
      "source": {
        "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1175884",
        "defect": [
          "1175884"
        ],
        "discovery": "EXTERNAL"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[,0.16.0-4.14.1),[0.17.0,0.17.0-4.6.3)",
          "affected_versions": "All versions after 0.16.0-4.14.1 before 0.17.0-4.6.3",
          "cvss_v2": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-284",
            "CWE-937"
          ],
          "date": "2020-09-28",
          "description": "A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server, SUSE Manager Proxy, SUSE Manager Retail Branch Server, SUSE Manager Server, SUSE Manager Server allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server google-gson, httpcomponents-client, httpcomponents, SUSE Manager Proxy release-notes-susemanager-proxy, SUSE Manager Retail Branch Server release-notes-susemanager-proxy, SUSE Manager Server salt-netapi-client, spacewalk, SUSE Manager Server release-notes-susemanager.",
          "fixed_versions": [
            "0.16.0-4.14.1",
            "0.17.0-4.6.3"
          ],
          "identifier": "CVE-2020-8028",
          "identifiers": [
            "CVE-2020-8028"
          ],
          "not_impacted": "All versions before 0.16.0-4.14.1, all versions after 0.17.0 before 0.17.0-4.6.3",
          "package_slug": "maven/com.suse.salt/salt-netapi-client",
          "pubdate": "2020-09-17",
          "solution": "Upgrade to versions 0.16.0-4.14.1, 0.17.0-4.6.3, or higher",
          "title": "Improper Access Control",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-8028",
            "https://bugzilla.suse.com/show_bug.cgi?id=1175884"
          ],
          "uuid": "f533a007-621e-4780-a97f-17c068458c55"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:suse:salt-netapi-client:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "0.17.0-3.3.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:suse:salt-netapi-client:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "0.16.0-4.14.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:suse:manager_server:3.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:suse:salt-netapi-client:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "0.17.0-4.6.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2020-8028"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1175884",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1175884"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.5,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2020-09-28T19:43Z",
      "publishedDate": "2020-09-17T10:15Z"
    }
  }
}

SUSE-SU-2020:2648-1

Vulnerability from csaf_suse - Published: 2020-09-16 12:23 - Updated: 2020-09-16 12:23

Summary

Security update for SUSE Manager 3.2

Notes

Title of the patch

Security update for SUSE Manager 3.2

Description of the patch

This update for SUSE Manager 3.2 fixes the following issues: salt-netapi-client: - Refresh authentication module list to newer Salt versions spacewalk-admin: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-java: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-setup: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)

Patchnames

SUSE-2020-2648,SUSE-SUSE-Manager-Server-3.2-2020-2648

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for SUSE Manager 3.2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for SUSE Manager 3.2 fixes the following issues:\n\nsalt-netapi-client:\n\n- Refresh authentication module list to newer Salt versions\n\nspacewalk-admin:\n\n- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)\n\nspacewalk-java:\n\n- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)\n\nspacewalk-setup:\n\n- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-2648,SUSE-SUSE-Manager-Server-3.2-2020-2648",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2648-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:2648-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202648-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:2648-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007433.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175884",
        "url": "https://bugzilla.suse.com/1175884"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8028 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8028/"
      }
    ],
    "title": "Security update for SUSE Manager 3.2",
    "tracking": {
      "current_release_date": "2020-09-16T12:23:03Z",
      "generator": {
        "date": "2020-09-16T12:23:03Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:2648-1",
      "initial_release_date": "2020-09-16T12:23:03Z",
      "revision_history": [
        {
          "date": "2020-09-16T12:23:03Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "salt-netapi-client-0.16.0-4.14.1.noarch",
                "product": {
                  "name": "salt-netapi-client-0.16.0-4.14.1.noarch",
                  "product_id": "salt-netapi-client-0.16.0-4.14.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-admin-2.8.4.7-3.15.1.noarch",
                "product": {
                  "name": "spacewalk-admin-2.8.4.7-3.15.1.noarch",
                  "product_id": "spacewalk-admin-2.8.4.7-3.15.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-2.8.78.30-3.53.1.noarch",
                "product": {
                  "name": "spacewalk-java-2.8.78.30-3.53.1.noarch",
                  "product_id": "spacewalk-java-2.8.78.30-3.53.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-apidoc-sources-2.8.78.30-3.53.1.noarch",
                "product": {
                  "name": "spacewalk-java-apidoc-sources-2.8.78.30-3.53.1.noarch",
                  "product_id": "spacewalk-java-apidoc-sources-2.8.78.30-3.53.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-config-2.8.78.30-3.53.1.noarch",
                "product": {
                  "name": "spacewalk-java-config-2.8.78.30-3.53.1.noarch",
                  "product_id": "spacewalk-java-config-2.8.78.30-3.53.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-lib-2.8.78.30-3.53.1.noarch",
                "product": {
                  "name": "spacewalk-java-lib-2.8.78.30-3.53.1.noarch",
                  "product_id": "spacewalk-java-lib-2.8.78.30-3.53.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-oracle-2.8.78.30-3.53.1.noarch",
                "product": {
                  "name": "spacewalk-java-oracle-2.8.78.30-3.53.1.noarch",
                  "product_id": "spacewalk-java-oracle-2.8.78.30-3.53.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-postgresql-2.8.78.30-3.53.1.noarch",
                "product": {
                  "name": "spacewalk-java-postgresql-2.8.78.30-3.53.1.noarch",
                  "product_id": "spacewalk-java-postgresql-2.8.78.30-3.53.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-setup-2.8.7.11-3.28.1.noarch",
                "product": {
                  "name": "spacewalk-setup-2.8.7.11-3.28.1.noarch",
                  "product_id": "spacewalk-setup-2.8.7.11-3.28.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-taskomatic-2.8.78.30-3.53.1.noarch",
                "product": {
                  "name": "spacewalk-taskomatic-2.8.78.30-3.53.1.noarch",
                  "product_id": "spacewalk-taskomatic-2.8.78.30-3.53.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Server 3.2",
                "product": {
                  "name": "SUSE Manager Server 3.2",
                  "product_id": "SUSE Manager Server 3.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:3.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-netapi-client-0.16.0-4.14.1.noarch as component of SUSE Manager Server 3.2",
          "product_id": "SUSE Manager Server 3.2:salt-netapi-client-0.16.0-4.14.1.noarch"
        },
        "product_reference": "salt-netapi-client-0.16.0-4.14.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-admin-2.8.4.7-3.15.1.noarch as component of SUSE Manager Server 3.2",
          "product_id": "SUSE Manager Server 3.2:spacewalk-admin-2.8.4.7-3.15.1.noarch"
        },
        "product_reference": "spacewalk-admin-2.8.4.7-3.15.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-2.8.78.30-3.53.1.noarch as component of SUSE Manager Server 3.2",
          "product_id": "SUSE Manager Server 3.2:spacewalk-java-2.8.78.30-3.53.1.noarch"
        },
        "product_reference": "spacewalk-java-2.8.78.30-3.53.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-config-2.8.78.30-3.53.1.noarch as component of SUSE Manager Server 3.2",
          "product_id": "SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.30-3.53.1.noarch"
        },
        "product_reference": "spacewalk-java-config-2.8.78.30-3.53.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-lib-2.8.78.30-3.53.1.noarch as component of SUSE Manager Server 3.2",
          "product_id": "SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.30-3.53.1.noarch"
        },
        "product_reference": "spacewalk-java-lib-2.8.78.30-3.53.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-oracle-2.8.78.30-3.53.1.noarch as component of SUSE Manager Server 3.2",
          "product_id": "SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.30-3.53.1.noarch"
        },
        "product_reference": "spacewalk-java-oracle-2.8.78.30-3.53.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-postgresql-2.8.78.30-3.53.1.noarch as component of SUSE Manager Server 3.2",
          "product_id": "SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.30-3.53.1.noarch"
        },
        "product_reference": "spacewalk-java-postgresql-2.8.78.30-3.53.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-setup-2.8.7.11-3.28.1.noarch as component of SUSE Manager Server 3.2",
          "product_id": "SUSE Manager Server 3.2:spacewalk-setup-2.8.7.11-3.28.1.noarch"
        },
        "product_reference": "spacewalk-setup-2.8.7.11-3.28.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 3.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-taskomatic-2.8.78.30-3.53.1.noarch as component of SUSE Manager Server 3.2",
          "product_id": "SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.30-3.53.1.noarch"
        },
        "product_reference": "spacewalk-taskomatic-2.8.78.30-3.53.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 3.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8028",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8028"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Server 3.2:salt-netapi-client-0.16.0-4.14.1.noarch",
          "SUSE Manager Server 3.2:spacewalk-admin-2.8.4.7-3.15.1.noarch",
          "SUSE Manager Server 3.2:spacewalk-java-2.8.78.30-3.53.1.noarch",
          "SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.30-3.53.1.noarch",
          "SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.30-3.53.1.noarch",
          "SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.30-3.53.1.noarch",
          "SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.30-3.53.1.noarch",
          "SUSE Manager Server 3.2:spacewalk-setup-2.8.7.11-3.28.1.noarch",
          "SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.30-3.53.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8028",
          "url": "https://www.suse.com/security/cve/CVE-2020-8028"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175884 for CVE-2020-8028",
          "url": "https://bugzilla.suse.com/1175884"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Server 3.2:salt-netapi-client-0.16.0-4.14.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-admin-2.8.4.7-3.15.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-java-2.8.78.30-3.53.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.30-3.53.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.30-3.53.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.30-3.53.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.30-3.53.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-setup-2.8.7.11-3.28.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.30-3.53.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Server 3.2:salt-netapi-client-0.16.0-4.14.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-admin-2.8.4.7-3.15.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-java-2.8.78.30-3.53.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-java-config-2.8.78.30-3.53.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-java-lib-2.8.78.30-3.53.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-java-oracle-2.8.78.30-3.53.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-java-postgresql-2.8.78.30-3.53.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-setup-2.8.7.11-3.28.1.noarch",
            "SUSE Manager Server 3.2:spacewalk-taskomatic-2.8.78.30-3.53.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-16T12:23:03Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-8028"
    }
  ]
}

SUSE-SU-2020:2647-1

Vulnerability from csaf_suse - Published: 2020-09-16 12:22 - Updated: 2020-09-16 12:22

Summary

Security update for for SUSE Manager 4.1

Notes

Title of the patch

Security update for for SUSE Manager 4.1

Description of the patch

This update for SUSE Manager 4.1 fixes the following issues: google-gson: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages. httpcomponents-client: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages. httpcomponents-core: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages. salt-netapi-client: - Refresh authentication module list to newer Salt versions spacewalk-admin: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-java: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-setup: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) velocity: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages.

Patchnames

SUSE-2020-2647,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2647

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for for SUSE Manager 4.1",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for SUSE Manager 4.1 fixes the following issues:\n\ngoogle-gson:\n\n- Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages.\n\nhttpcomponents-client:\n\n- Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages.\n\nhttpcomponents-core:\n\n- Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages.\n\nsalt-netapi-client:\n\n- Refresh authentication module list to newer Salt versions\n\nspacewalk-admin:\n\n- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)\n\nspacewalk-java:\n\n- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)\n\nspacewalk-setup:\n\n- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)\n\nvelocity:\n\n- Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-2647,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2647",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2647-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:2647-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202647-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:2647-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007434.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175884",
        "url": "https://bugzilla.suse.com/1175884"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8028 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8028/"
      }
    ],
    "title": "Security update for for SUSE Manager 4.1",
    "tracking": {
      "current_release_date": "2020-09-16T12:22:50Z",
      "generator": {
        "date": "2020-09-16T12:22:50Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:2647-1",
      "initial_release_date": "2020-09-16T12:22:50Z",
      "revision_history": [
        {
          "date": "2020-09-16T12:22:50Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "google-gson-2.8.5-3.4.3.noarch",
                "product": {
                  "name": "google-gson-2.8.5-3.4.3.noarch",
                  "product_id": "google-gson-2.8.5-3.4.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "google-gson-javadoc-2.8.5-3.4.3.noarch",
                "product": {
                  "name": "google-gson-javadoc-2.8.5-3.4.3.noarch",
                  "product_id": "google-gson-javadoc-2.8.5-3.4.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "httpcomponents-client-4.5.6-3.4.2.noarch",
                "product": {
                  "name": "httpcomponents-client-4.5.6-3.4.2.noarch",
                  "product_id": "httpcomponents-client-4.5.6-3.4.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "httpcomponents-client-cache-4.5.6-3.4.2.noarch",
                "product": {
                  "name": "httpcomponents-client-cache-4.5.6-3.4.2.noarch",
                  "product_id": "httpcomponents-client-cache-4.5.6-3.4.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "httpcomponents-client-javadoc-4.5.6-3.4.2.noarch",
                "product": {
                  "name": "httpcomponents-client-javadoc-4.5.6-3.4.2.noarch",
                  "product_id": "httpcomponents-client-javadoc-4.5.6-3.4.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "httpcomponents-core-4.4.10-3.4.2.noarch",
                "product": {
                  "name": "httpcomponents-core-4.4.10-3.4.2.noarch",
                  "product_id": "httpcomponents-core-4.4.10-3.4.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "httpcomponents-core-javadoc-4.4.10-3.4.2.noarch",
                "product": {
                  "name": "httpcomponents-core-javadoc-4.4.10-3.4.2.noarch",
                  "product_id": "httpcomponents-core-javadoc-4.4.10-3.4.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "salt-netapi-client-0.17.0-3.3.2.noarch",
                "product": {
                  "name": "salt-netapi-client-0.17.0-3.3.2.noarch",
                  "product_id": "salt-netapi-client-0.17.0-3.3.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-admin-4.1.6-3.3.3.noarch",
                "product": {
                  "name": "spacewalk-admin-4.1.6-3.3.3.noarch",
                  "product_id": "spacewalk-admin-4.1.6-3.3.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-4.1.19-3.8.2.noarch",
                "product": {
                  "name": "spacewalk-java-4.1.19-3.8.2.noarch",
                  "product_id": "spacewalk-java-4.1.19-3.8.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-apidoc-sources-4.1.19-3.8.2.noarch",
                "product": {
                  "name": "spacewalk-java-apidoc-sources-4.1.19-3.8.2.noarch",
                  "product_id": "spacewalk-java-apidoc-sources-4.1.19-3.8.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-config-4.1.19-3.8.2.noarch",
                "product": {
                  "name": "spacewalk-java-config-4.1.19-3.8.2.noarch",
                  "product_id": "spacewalk-java-config-4.1.19-3.8.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-lib-4.1.19-3.8.2.noarch",
                "product": {
                  "name": "spacewalk-java-lib-4.1.19-3.8.2.noarch",
                  "product_id": "spacewalk-java-lib-4.1.19-3.8.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-postgresql-4.1.19-3.8.2.noarch",
                "product": {
                  "name": "spacewalk-java-postgresql-4.1.19-3.8.2.noarch",
                  "product_id": "spacewalk-java-postgresql-4.1.19-3.8.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-setup-4.1.6-3.3.2.noarch",
                "product": {
                  "name": "spacewalk-setup-4.1.6-3.3.2.noarch",
                  "product_id": "spacewalk-setup-4.1.6-3.3.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-taskomatic-4.1.19-3.8.2.noarch",
                "product": {
                  "name": "spacewalk-taskomatic-4.1.19-3.8.2.noarch",
                  "product_id": "spacewalk-taskomatic-4.1.19-3.8.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "velocity-1.7-11.4.3.noarch",
                "product": {
                  "name": "velocity-1.7-11.4.3.noarch",
                  "product_id": "velocity-1.7-11.4.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "velocity-demo-1.7-11.4.3.noarch",
                "product": {
                  "name": "velocity-demo-1.7-11.4.3.noarch",
                  "product_id": "velocity-demo-1.7-11.4.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "velocity-javadoc-1.7-11.4.3.noarch",
                "product": {
                  "name": "velocity-javadoc-1.7-11.4.3.noarch",
                  "product_id": "velocity-javadoc-1.7-11.4.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "velocity-manual-1.7-11.4.3.noarch",
                "product": {
                  "name": "velocity-manual-1.7-11.4.3.noarch",
                  "product_id": "velocity-manual-1.7-11.4.3.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Server Module 4.1",
                "product": {
                  "name": "SUSE Manager Server Module 4.1",
                  "product_id": "SUSE Manager Server Module 4.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "google-gson-2.8.5-3.4.3.noarch as component of SUSE Manager Server Module 4.1",
          "product_id": "SUSE Manager Server Module 4.1:google-gson-2.8.5-3.4.3.noarch"
        },
        "product_reference": "google-gson-2.8.5-3.4.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpcomponents-client-4.5.6-3.4.2.noarch as component of SUSE Manager Server Module 4.1",
          "product_id": "SUSE Manager Server Module 4.1:httpcomponents-client-4.5.6-3.4.2.noarch"
        },
        "product_reference": "httpcomponents-client-4.5.6-3.4.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpcomponents-core-4.4.10-3.4.2.noarch as component of SUSE Manager Server Module 4.1",
          "product_id": "SUSE Manager Server Module 4.1:httpcomponents-core-4.4.10-3.4.2.noarch"
        },
        "product_reference": "httpcomponents-core-4.4.10-3.4.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-netapi-client-0.17.0-3.3.2.noarch as component of SUSE Manager Server Module 4.1",
          "product_id": "SUSE Manager Server Module 4.1:salt-netapi-client-0.17.0-3.3.2.noarch"
        },
        "product_reference": "salt-netapi-client-0.17.0-3.3.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-admin-4.1.6-3.3.3.noarch as component of SUSE Manager Server Module 4.1",
          "product_id": "SUSE Manager Server Module 4.1:spacewalk-admin-4.1.6-3.3.3.noarch"
        },
        "product_reference": "spacewalk-admin-4.1.6-3.3.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-4.1.19-3.8.2.noarch as component of SUSE Manager Server Module 4.1",
          "product_id": "SUSE Manager Server Module 4.1:spacewalk-java-4.1.19-3.8.2.noarch"
        },
        "product_reference": "spacewalk-java-4.1.19-3.8.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-config-4.1.19-3.8.2.noarch as component of SUSE Manager Server Module 4.1",
          "product_id": "SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.19-3.8.2.noarch"
        },
        "product_reference": "spacewalk-java-config-4.1.19-3.8.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-lib-4.1.19-3.8.2.noarch as component of SUSE Manager Server Module 4.1",
          "product_id": "SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.19-3.8.2.noarch"
        },
        "product_reference": "spacewalk-java-lib-4.1.19-3.8.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-postgresql-4.1.19-3.8.2.noarch as component of SUSE Manager Server Module 4.1",
          "product_id": "SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.19-3.8.2.noarch"
        },
        "product_reference": "spacewalk-java-postgresql-4.1.19-3.8.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-setup-4.1.6-3.3.2.noarch as component of SUSE Manager Server Module 4.1",
          "product_id": "SUSE Manager Server Module 4.1:spacewalk-setup-4.1.6-3.3.2.noarch"
        },
        "product_reference": "spacewalk-setup-4.1.6-3.3.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-taskomatic-4.1.19-3.8.2.noarch as component of SUSE Manager Server Module 4.1",
          "product_id": "SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.19-3.8.2.noarch"
        },
        "product_reference": "spacewalk-taskomatic-4.1.19-3.8.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-8028",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8028"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Server Module 4.1:google-gson-2.8.5-3.4.3.noarch",
          "SUSE Manager Server Module 4.1:httpcomponents-client-4.5.6-3.4.2.noarch",
          "SUSE Manager Server Module 4.1:httpcomponents-core-4.4.10-3.4.2.noarch",
          "SUSE Manager Server Module 4.1:salt-netapi-client-0.17.0-3.3.2.noarch",
          "SUSE Manager Server Module 4.1:spacewalk-admin-4.1.6-3.3.3.noarch",
          "SUSE Manager Server Module 4.1:spacewalk-java-4.1.19-3.8.2.noarch",
          "SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.19-3.8.2.noarch",
          "SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.19-3.8.2.noarch",
          "SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.19-3.8.2.noarch",
          "SUSE Manager Server Module 4.1:spacewalk-setup-4.1.6-3.3.2.noarch",
          "SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.19-3.8.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8028",
          "url": "https://www.suse.com/security/cve/CVE-2020-8028"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175884 for CVE-2020-8028",
          "url": "https://bugzilla.suse.com/1175884"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Server Module 4.1:google-gson-2.8.5-3.4.3.noarch",
            "SUSE Manager Server Module 4.1:httpcomponents-client-4.5.6-3.4.2.noarch",
            "SUSE Manager Server Module 4.1:httpcomponents-core-4.4.10-3.4.2.noarch",
            "SUSE Manager Server Module 4.1:salt-netapi-client-0.17.0-3.3.2.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-admin-4.1.6-3.3.3.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-java-4.1.19-3.8.2.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.19-3.8.2.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.19-3.8.2.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.19-3.8.2.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-setup-4.1.6-3.3.2.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.19-3.8.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Server Module 4.1:google-gson-2.8.5-3.4.3.noarch",
            "SUSE Manager Server Module 4.1:httpcomponents-client-4.5.6-3.4.2.noarch",
            "SUSE Manager Server Module 4.1:httpcomponents-core-4.4.10-3.4.2.noarch",
            "SUSE Manager Server Module 4.1:salt-netapi-client-0.17.0-3.3.2.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-admin-4.1.6-3.3.3.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-java-4.1.19-3.8.2.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.19-3.8.2.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.19-3.8.2.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.19-3.8.2.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-setup-4.1.6-3.3.2.noarch",
            "SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.19-3.8.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-16T12:22:50Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-8028"
    }
  ]
}

SUSE-SU-2020:2650-1

Vulnerability from csaf_suse - Published: 2020-09-16 12:24 - Updated: 2020-09-16 12:24

Summary

Security update for SUSE Manager Server 4.0

Notes

Title of the patch

Security update for SUSE Manager Server 4.0

Description of the patch

This update fixes the following issues: hibernate5: - Address CVE-2019-14900 (bsc#1172079) image-sync-formula: - Allow image-sync state on regular minion. Image sync state requires branch-network pillars to get the directory where to sync images. Use default `/srv/saltboot` if that pillar is missing so image-sync can be applied on non branch minions as well. openvpn-formula: - Add hint that ssl certs must be on system (bsc#1172279) prometheus-exporters-formula: - Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555) - Add support for exporters proxy (exporter_exporter) - Update the apache exporter config file for Debian salt-netapi-client: - Refresh authentication module list to newer Salt versions saltboot-formula: - Better fix for rounding errors (bsc#1136857) spacecmd: - Python3 fixes for errata in spacecmd (bsc#1169664) - Python3 fix for sorted usage (bsc#1167907) - Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889) - Fix escaping of package names (bsc#1171281) spacewalk-admin: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-certs-tools: - Add option --nostricthostkeychecking to spacewalk-ssh-push-init - Strip SSL Certificate Common Name after 63 Characters (bsc#1173535) spacewalk-java: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) - Fix EntityExistsException on migration from traditional to salt minion via proxy (bsc#1175556) - Use media.1/products from media when not specified different (bsc#1175558) - Fix: use quiet API method when using spacewalk-common-channels (bsc#1175529) - Fix alignment on icon on entitlement page - Reset the server path on minion registration (bsc#1174254) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Fix error when rolling back a system to a snapshot (bsc#1173997) - Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566) - Provide comps.xml and modules.yaml when using onlinerepo for kickstart - Set CPU and memory info for virtual instances (bsc#1170244) - Change system list header text to something better (bsc#1173982) spacewalk-setup: - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) spacewalk-utils: - Avoid exceptions on the logs when looking for channels that do not exist (bsc#1175529) spacewalk-web: - Fix login page after jQuery upgrade (bsc#1175224) - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831) - Warn when a system is in multiple groups that configure the same formula in the system formula's UI (bsc#1173554) susemanager: - Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470) susemanager-frontend-libs: - Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831) susemanager-schema: - Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073) susemanager-sls: - Fix the dnf plugin to add the token to the HTTP header (bsc#1175724) - Fix reporting of missing products in product.all_installed (bsc#1165829) - Require PyYAML version >= 5.1 - Get redhat-release only when it is not a symlink - Fix: supply a dnf base when dealing w/repos (bsc#1172504) - Fix: autorefresh in repos is zypper-only susemanager-sync-data: - Remove version from centos and oracle linux identifier (bsc#1173584) virtualization-host-formula: - Update to version 0.5 - Ensure kernel-default and libvirt-python3 are installed - Set bridge network as default - Fix conditionals (bsc#1175791) How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service: spacewalk-service start

Patchnames

SUSE-2020-2650,SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650,SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2650

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for SUSE Manager Server 4.0",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update fixes the following issues:\n\nhibernate5:\n\n- Address CVE-2019-14900 (bsc#1172079)\n\nimage-sync-formula:\n\n- Allow image-sync state on regular minion.\n  Image sync state requires branch-network pillars to get the directory\n  where to sync images. Use default `/srv/saltboot` if that pillar is\n  missing so image-sync can be applied on non branch minions as well.\n\nopenvpn-formula:\n\n- Add hint that ssl certs must be on system (bsc#1172279)\n\nprometheus-exporters-formula:\n\n- Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)\n- Add support for exporters proxy (exporter_exporter)\n- Update the apache exporter config file for Debian\n\nsalt-netapi-client:\n\n- Refresh authentication module list to newer Salt versions\n\nsaltboot-formula:\n\n- Better fix for rounding errors (bsc#1136857)\n\nspacecmd:\n\n- Python3 fixes for errata in spacecmd (bsc#1169664)\n- Python3 fix for sorted usage (bsc#1167907)\n- Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889)\n- Fix escaping of package names (bsc#1171281)\n\nspacewalk-admin:\n\n- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)\n\nspacewalk-certs-tools:\n\n- Add option --nostricthostkeychecking to spacewalk-ssh-push-init\n- Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)\n\nspacewalk-java:\n\n- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)\n- Fix EntityExistsException on migration from traditional to salt minion via proxy (bsc#1175556)\n- Use media.1/products from media when not specified different (bsc#1175558)\n- Fix: use quiet API method when using spacewalk-common-channels (bsc#1175529)\n- Fix alignment on icon on entitlement page\n- Reset the server path on minion registration (bsc#1174254)\n- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)\n- Fix error when rolling back a system to a snapshot (bsc#1173997)\n- Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566)\n- Provide comps.xml and modules.yaml when using onlinerepo for kickstart\n- Set CPU and memory info for virtual instances (bsc#1170244)\n- Change system list header text to something better (bsc#1173982)\n\nspacewalk-setup:\n\n- Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028)\n\nspacewalk-utils:\n\n- Avoid exceptions on the logs when looking for channels that do\n  not exist (bsc#1175529)\n\nspacewalk-web:\n\n- Fix login page after jQuery upgrade (bsc#1175224)\n- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)\n- Warn when a system is in multiple groups that configure the same\n  formula in the system formula\u0027s UI (bsc#1173554)\n\nsusemanager:\n\n- Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)\n\nsusemanager-frontend-libs:\n\n- Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831) \n\nsusemanager-schema:\n\n- Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073)\n\nsusemanager-sls:\n\n- Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)\n- Fix reporting of missing products in product.all_installed (bsc#1165829)\n- Require PyYAML version \u003e= 5.1\n- Get redhat-release only when it is not a symlink\n- Fix: supply a dnf base when dealing w/repos (bsc#1172504)\n- Fix: autorefresh in repos is zypper-only\n\nsusemanager-sync-data:\n\n- Remove version from centos and oracle linux identifier (bsc#1173584)\n\nvirtualization-host-formula:\n\n- Update to version 0.5\n  - Ensure kernel-default and libvirt-python3 are installed\n  - Set bridge network as default\n  - Fix conditionals (bsc#1175791)\n\nHow to apply this update:\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\nspacewalk-service stop\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Upgrade the database schema:\nspacewalk-schema-upgrade\n5. Start the Spacewalk service:\nspacewalk-service start\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-2650,SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650,SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-2650",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2650-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:2650-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202650-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:2650-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007435.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1136857",
        "url": "https://bugzilla.suse.com/1136857"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1165829",
        "url": "https://bugzilla.suse.com/1165829"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1167907",
        "url": "https://bugzilla.suse.com/1167907"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1169664",
        "url": "https://bugzilla.suse.com/1169664"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170244",
        "url": "https://bugzilla.suse.com/1170244"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1171281",
        "url": "https://bugzilla.suse.com/1171281"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172079",
        "url": "https://bugzilla.suse.com/1172079"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172279",
        "url": "https://bugzilla.suse.com/1172279"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172504",
        "url": "https://bugzilla.suse.com/1172504"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172831",
        "url": "https://bugzilla.suse.com/1172831"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173073",
        "url": "https://bugzilla.suse.com/1173073"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173535",
        "url": "https://bugzilla.suse.com/1173535"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173554",
        "url": "https://bugzilla.suse.com/1173554"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173566",
        "url": "https://bugzilla.suse.com/1173566"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173584",
        "url": "https://bugzilla.suse.com/1173584"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173982",
        "url": "https://bugzilla.suse.com/1173982"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173997",
        "url": "https://bugzilla.suse.com/1173997"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174254",
        "url": "https://bugzilla.suse.com/1174254"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174470",
        "url": "https://bugzilla.suse.com/1174470"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175224",
        "url": "https://bugzilla.suse.com/1175224"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175529",
        "url": "https://bugzilla.suse.com/1175529"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175555",
        "url": "https://bugzilla.suse.com/1175555"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175556",
        "url": "https://bugzilla.suse.com/1175556"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175558",
        "url": "https://bugzilla.suse.com/1175558"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175724",
        "url": "https://bugzilla.suse.com/1175724"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175791",
        "url": "https://bugzilla.suse.com/1175791"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175884",
        "url": "https://bugzilla.suse.com/1175884"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175889",
        "url": "https://bugzilla.suse.com/1175889"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14900 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14900/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11022 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11022/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8028 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8028/"
      }
    ],
    "title": "Security update for SUSE Manager Server 4.0",
    "tracking": {
      "current_release_date": "2020-09-16T12:24:27Z",
      "generator": {
        "date": "2020-09-16T12:24:27Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:2650-1",
      "initial_release_date": "2020-09-16T12:24:27Z",
      "revision_history": [
        {
          "date": "2020-09-16T12:24:27Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openvpn-formula-0.1.1-4.6.2.aarch64",
                "product": {
                  "name": "openvpn-formula-0.1.1-4.6.2.aarch64",
                  "product_id": "openvpn-formula-0.1.1-4.6.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-4.0.28-3.36.3.aarch64",
                "product": {
                  "name": "susemanager-4.0.28-3.36.3.aarch64",
                  "product_id": "susemanager-4.0.28-3.36.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tools-4.0.28-3.36.3.aarch64",
                "product": {
                  "name": "susemanager-tools-4.0.28-3.36.3.aarch64",
                  "product_id": "susemanager-tools-4.0.28-3.36.3.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "hibernate5-5.3.7-4.3.2.noarch",
                "product": {
                  "name": "hibernate5-5.3.7-4.3.2.noarch",
                  "product_id": "hibernate5-5.3.7-4.3.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
                "product": {
                  "name": "image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
                  "product_id": "image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "prometheus-exporters-formula-0.7.1-3.10.2.noarch",
                "product": {
                  "name": "prometheus-exporters-formula-0.7.1-3.10.2.noarch",
                  "product_id": "prometheus-exporters-formula-0.7.1-3.10.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python2-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
                "product": {
                  "name": "python2-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
                  "product_id": "python2-spacewalk-certs-tools-4.0.17-3.21.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
                "product": {
                  "name": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
                  "product_id": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "salt-netapi-client-0.17.0-4.6.3.noarch",
                "product": {
                  "name": "salt-netapi-client-0.17.0-4.6.3.noarch",
                  "product_id": "salt-netapi-client-0.17.0-4.6.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
                "product": {
                  "name": "saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
                  "product_id": "saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacecmd-4.0.20-3.19.2.noarch",
                "product": {
                  "name": "spacecmd-4.0.20-3.19.2.noarch",
                  "product_id": "spacecmd-4.0.20-3.19.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-admin-4.0.11-3.12.1.noarch",
                "product": {
                  "name": "spacewalk-admin-4.0.11-3.12.1.noarch",
                  "product_id": "spacewalk-admin-4.0.11-3.12.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-4.0.23-3.30.3.noarch",
                "product": {
                  "name": "spacewalk-base-4.0.23-3.30.3.noarch",
                  "product_id": "spacewalk-base-4.0.23-3.30.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-minimal-4.0.23-3.30.3.noarch",
                "product": {
                  "name": "spacewalk-base-minimal-4.0.23-3.30.3.noarch",
                  "product_id": "spacewalk-base-minimal-4.0.23-3.30.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
                "product": {
                  "name": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
                  "product_id": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-certs-tools-4.0.17-3.21.3.noarch",
                "product": {
                  "name": "spacewalk-certs-tools-4.0.17-3.21.3.noarch",
                  "product_id": "spacewalk-certs-tools-4.0.17-3.21.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-dobby-4.0.23-3.30.3.noarch",
                "product": {
                  "name": "spacewalk-dobby-4.0.23-3.30.3.noarch",
                  "product_id": "spacewalk-dobby-4.0.23-3.30.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-html-4.0.23-3.30.3.noarch",
                "product": {
                  "name": "spacewalk-html-4.0.23-3.30.3.noarch",
                  "product_id": "spacewalk-html-4.0.23-3.30.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-4.0.37-3.39.1.noarch",
                "product": {
                  "name": "spacewalk-java-4.0.37-3.39.1.noarch",
                  "product_id": "spacewalk-java-4.0.37-3.39.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-apidoc-sources-4.0.37-3.39.1.noarch",
                "product": {
                  "name": "spacewalk-java-apidoc-sources-4.0.37-3.39.1.noarch",
                  "product_id": "spacewalk-java-apidoc-sources-4.0.37-3.39.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-config-4.0.37-3.39.1.noarch",
                "product": {
                  "name": "spacewalk-java-config-4.0.37-3.39.1.noarch",
                  "product_id": "spacewalk-java-config-4.0.37-3.39.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-lib-4.0.37-3.39.1.noarch",
                "product": {
                  "name": "spacewalk-java-lib-4.0.37-3.39.1.noarch",
                  "product_id": "spacewalk-java-lib-4.0.37-3.39.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
                "product": {
                  "name": "spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
                  "product_id": "spacewalk-java-postgresql-4.0.37-3.39.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
                "product": {
                  "name": "spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
                  "product_id": "spacewalk-proxy-broker-4.0.14-3.10.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-common-4.0.14-3.10.3.noarch",
                "product": {
                  "name": "spacewalk-proxy-common-4.0.14-3.10.3.noarch",
                  "product_id": "spacewalk-proxy-common-4.0.14-3.10.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-management-4.0.14-3.10.3.noarch",
                "product": {
                  "name": "spacewalk-proxy-management-4.0.14-3.10.3.noarch",
                  "product_id": "spacewalk-proxy-management-4.0.14-3.10.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
                "product": {
                  "name": "spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
                  "product_id": "spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
                "product": {
                  "name": "spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
                  "product_id": "spacewalk-proxy-redirect-4.0.14-3.10.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
                "product": {
                  "name": "spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
                  "product_id": "spacewalk-proxy-salt-4.0.14-3.10.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-setup-4.0.14-3.14.1.noarch",
                "product": {
                  "name": "spacewalk-setup-4.0.14-3.14.1.noarch",
                  "product_id": "spacewalk-setup-4.0.14-3.14.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-taskomatic-4.0.37-3.39.1.noarch",
                "product": {
                  "name": "spacewalk-taskomatic-4.0.37-3.39.1.noarch",
                  "product_id": "spacewalk-taskomatic-4.0.37-3.39.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "spacewalk-utils-4.0.18-3.21.3.noarch",
                "product": {
                  "name": "spacewalk-utils-4.0.18-3.21.3.noarch",
                  "product_id": "spacewalk-utils-4.0.18-3.21.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-frontend-libs-4.0.2-4.3.2.noarch",
                "product": {
                  "name": "susemanager-frontend-libs-4.0.2-4.3.2.noarch",
                  "product_id": "susemanager-frontend-libs-4.0.2-4.3.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-frontend-libs-devel-4.0.2-4.3.2.noarch",
                "product": {
                  "name": "susemanager-frontend-libs-devel-4.0.2-4.3.2.noarch",
                  "product_id": "susemanager-frontend-libs-devel-4.0.2-4.3.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-schema-4.0.22-3.29.2.noarch",
                "product": {
                  "name": "susemanager-schema-4.0.22-3.29.2.noarch",
                  "product_id": "susemanager-schema-4.0.22-3.29.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-schema-sanity-4.0.22-3.29.2.noarch",
                "product": {
                  "name": "susemanager-schema-sanity-4.0.22-3.29.2.noarch",
                  "product_id": "susemanager-schema-sanity-4.0.22-3.29.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-sls-4.0.29-3.31.3.noarch",
                "product": {
                  "name": "susemanager-sls-4.0.29-3.31.3.noarch",
                  "product_id": "susemanager-sls-4.0.29-3.31.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-sync-data-4.0.18-3.24.2.noarch",
                "product": {
                  "name": "susemanager-sync-data-4.0.18-3.24.2.noarch",
                  "product_id": "susemanager-sync-data-4.0.18-3.24.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-web-libs-4.0.23-3.30.3.noarch",
                "product": {
                  "name": "susemanager-web-libs-4.0.23-3.30.3.noarch",
                  "product_id": "susemanager-web-libs-4.0.23-3.30.3.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "virtualization-host-formula-0.5-4.12.3.noarch",
                "product": {
                  "name": "virtualization-host-formula-0.5-4.12.3.noarch",
                  "product_id": "virtualization-host-formula-0.5-4.12.3.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openvpn-formula-0.1.1-4.6.2.ppc64le",
                "product": {
                  "name": "openvpn-formula-0.1.1-4.6.2.ppc64le",
                  "product_id": "openvpn-formula-0.1.1-4.6.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-4.0.28-3.36.3.ppc64le",
                "product": {
                  "name": "susemanager-4.0.28-3.36.3.ppc64le",
                  "product_id": "susemanager-4.0.28-3.36.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tools-4.0.28-3.36.3.ppc64le",
                "product": {
                  "name": "susemanager-tools-4.0.28-3.36.3.ppc64le",
                  "product_id": "susemanager-tools-4.0.28-3.36.3.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openvpn-formula-0.1.1-4.6.2.s390x",
                "product": {
                  "name": "openvpn-formula-0.1.1-4.6.2.s390x",
                  "product_id": "openvpn-formula-0.1.1-4.6.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-4.0.28-3.36.3.s390x",
                "product": {
                  "name": "susemanager-4.0.28-3.36.3.s390x",
                  "product_id": "susemanager-4.0.28-3.36.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tools-4.0.28-3.36.3.s390x",
                "product": {
                  "name": "susemanager-tools-4.0.28-3.36.3.s390x",
                  "product_id": "susemanager-tools-4.0.28-3.36.3.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "hibernate5-kit-06f89f5f40a0b95b08f814879026e8ce444876e5-3.3.1.x86_64",
                "product": {
                  "name": "hibernate5-kit-06f89f5f40a0b95b08f814879026e8ce444876e5-3.3.1.x86_64",
                  "product_id": "hibernate5-kit-06f89f5f40a0b95b08f814879026e8ce444876e5-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "openvpn-formula-0.1.1-4.6.2.x86_64",
                "product": {
                  "name": "openvpn-formula-0.1.1-4.6.2.x86_64",
                  "product_id": "openvpn-formula-0.1.1-4.6.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-4.0.28-3.36.3.x86_64",
                "product": {
                  "name": "susemanager-4.0.28-3.36.3.x86_64",
                  "product_id": "susemanager-4.0.28-3.36.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "susemanager-tools-4.0.28-3.36.3.x86_64",
                "product": {
                  "name": "susemanager-tools-4.0.28-3.36.3.x86_64",
                  "product_id": "susemanager-tools-4.0.28-3.36.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Proxy Module 4.0",
                "product": {
                  "name": "SUSE Manager Proxy Module 4.0",
                  "product_id": "SUSE Manager Proxy Module 4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-suse-manager-proxy:4.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server Module 4.0",
                "product": {
                  "name": "SUSE Manager Server Module 4.0",
                  "product_id": "SUSE Manager Server Module 4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch as component of SUSE Manager Proxy Module 4.0",
          "product_id": "SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch"
        },
        "product_reference": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacecmd-4.0.20-3.19.2.noarch as component of SUSE Manager Proxy Module 4.0",
          "product_id": "SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch"
        },
        "product_reference": "spacecmd-4.0.20-3.19.2.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-4.0.23-3.30.3.noarch as component of SUSE Manager Proxy Module 4.0",
          "product_id": "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch"
        },
        "product_reference": "spacewalk-base-minimal-4.0.23-3.30.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch as component of SUSE Manager Proxy Module 4.0",
          "product_id": "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch"
        },
        "product_reference": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-certs-tools-4.0.17-3.21.3.noarch as component of SUSE Manager Proxy Module 4.0",
          "product_id": "SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch"
        },
        "product_reference": "spacewalk-certs-tools-4.0.17-3.21.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-broker-4.0.14-3.10.3.noarch as component of SUSE Manager Proxy Module 4.0",
          "product_id": "SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch"
        },
        "product_reference": "spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-common-4.0.14-3.10.3.noarch as component of SUSE Manager Proxy Module 4.0",
          "product_id": "SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch"
        },
        "product_reference": "spacewalk-proxy-common-4.0.14-3.10.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-management-4.0.14-3.10.3.noarch as component of SUSE Manager Proxy Module 4.0",
          "product_id": "SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch"
        },
        "product_reference": "spacewalk-proxy-management-4.0.14-3.10.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch as component of SUSE Manager Proxy Module 4.0",
          "product_id": "SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch"
        },
        "product_reference": "spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-redirect-4.0.14-3.10.3.noarch as component of SUSE Manager Proxy Module 4.0",
          "product_id": "SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch"
        },
        "product_reference": "spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-proxy-salt-4.0.14-3.10.3.noarch as component of SUSE Manager Proxy Module 4.0",
          "product_id": "SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch"
        },
        "product_reference": "spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate5-5.3.7-4.3.2.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch"
        },
        "product_reference": "hibernate5-5.3.7-4.3.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch"
        },
        "product_reference": "image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openvpn-formula-0.1.1-4.6.2.ppc64le as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le"
        },
        "product_reference": "openvpn-formula-0.1.1-4.6.2.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openvpn-formula-0.1.1-4.6.2.s390x as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x"
        },
        "product_reference": "openvpn-formula-0.1.1-4.6.2.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openvpn-formula-0.1.1-4.6.2.x86_64 as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64"
        },
        "product_reference": "openvpn-formula-0.1.1-4.6.2.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus-exporters-formula-0.7.1-3.10.2.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch"
        },
        "product_reference": "prometheus-exporters-formula-0.7.1-3.10.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch"
        },
        "product_reference": "python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "salt-netapi-client-0.17.0-4.6.3.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch"
        },
        "product_reference": "salt-netapi-client-0.17.0-4.6.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch"
        },
        "product_reference": "saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacecmd-4.0.20-3.19.2.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch"
        },
        "product_reference": "spacecmd-4.0.20-3.19.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-admin-4.0.11-3.12.1.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch"
        },
        "product_reference": "spacewalk-admin-4.0.11-3.12.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-4.0.23-3.30.3.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch"
        },
        "product_reference": "spacewalk-base-4.0.23-3.30.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-4.0.23-3.30.3.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch"
        },
        "product_reference": "spacewalk-base-minimal-4.0.23-3.30.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch"
        },
        "product_reference": "spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-certs-tools-4.0.17-3.21.3.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch"
        },
        "product_reference": "spacewalk-certs-tools-4.0.17-3.21.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-html-4.0.23-3.30.3.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch"
        },
        "product_reference": "spacewalk-html-4.0.23-3.30.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-4.0.37-3.39.1.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch"
        },
        "product_reference": "spacewalk-java-4.0.37-3.39.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-config-4.0.37-3.39.1.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch"
        },
        "product_reference": "spacewalk-java-config-4.0.37-3.39.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-lib-4.0.37-3.39.1.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch"
        },
        "product_reference": "spacewalk-java-lib-4.0.37-3.39.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-java-postgresql-4.0.37-3.39.1.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch"
        },
        "product_reference": "spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-setup-4.0.14-3.14.1.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch"
        },
        "product_reference": "spacewalk-setup-4.0.14-3.14.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-taskomatic-4.0.37-3.39.1.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch"
        },
        "product_reference": "spacewalk-taskomatic-4.0.37-3.39.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "spacewalk-utils-4.0.18-3.21.3.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch"
        },
        "product_reference": "spacewalk-utils-4.0.18-3.21.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-4.0.28-3.36.3.ppc64le as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le"
        },
        "product_reference": "susemanager-4.0.28-3.36.3.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-4.0.28-3.36.3.s390x as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x"
        },
        "product_reference": "susemanager-4.0.28-3.36.3.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-4.0.28-3.36.3.x86_64 as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64"
        },
        "product_reference": "susemanager-4.0.28-3.36.3.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-frontend-libs-4.0.2-4.3.2.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch"
        },
        "product_reference": "susemanager-frontend-libs-4.0.2-4.3.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-schema-4.0.22-3.29.2.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch"
        },
        "product_reference": "susemanager-schema-4.0.22-3.29.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-sls-4.0.29-3.31.3.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch"
        },
        "product_reference": "susemanager-sls-4.0.29-3.31.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-sync-data-4.0.18-3.24.2.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch"
        },
        "product_reference": "susemanager-sync-data-4.0.18-3.24.2.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-tools-4.0.28-3.36.3.ppc64le as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le"
        },
        "product_reference": "susemanager-tools-4.0.28-3.36.3.ppc64le",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-tools-4.0.28-3.36.3.s390x as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x"
        },
        "product_reference": "susemanager-tools-4.0.28-3.36.3.s390x",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-tools-4.0.28-3.36.3.x86_64 as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64"
        },
        "product_reference": "susemanager-tools-4.0.28-3.36.3.x86_64",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "susemanager-web-libs-4.0.23-3.30.3.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch"
        },
        "product_reference": "susemanager-web-libs-4.0.23-3.30.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtualization-host-formula-0.5-4.12.3.noarch as component of SUSE Manager Server Module 4.0",
          "product_id": "SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
        },
        "product_reference": "virtualization-host-formula-0.5-4.12.3.noarch",
        "relates_to_product_reference": "SUSE Manager Server Module 4.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-14900",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14900"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
          "SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
          "SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
          "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
          "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
          "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
          "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
          "SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
          "SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
          "SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
          "SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
          "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
          "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
          "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
          "SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
          "SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
          "SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
          "SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
          "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
          "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
          "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
          "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14900",
          "url": "https://www.suse.com/security/cve/CVE-2019-14900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172079 for CVE-2019-14900",
          "url": "https://bugzilla.suse.com/1172079"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
            "SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
            "SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
            "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
            "SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
            "SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
            "SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
            "SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
            "SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
            "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
            "SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
            "SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
            "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
            "SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
            "SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
            "SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
            "SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
            "SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
            "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-16T12:24:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14900"
    },
    {
      "cve": "CVE-2020-11022",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11022"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
          "SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
          "SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
          "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
          "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
          "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
          "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
          "SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
          "SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
          "SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
          "SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
          "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
          "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
          "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
          "SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
          "SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
          "SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
          "SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
          "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
          "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
          "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
          "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11022",
          "url": "https://www.suse.com/security/cve/CVE-2020-11022"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173090 for CVE-2020-11022",
          "url": "https://bugzilla.suse.com/1173090"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178434 for CVE-2020-11022",
          "url": "https://bugzilla.suse.com/1178434"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190663 for CVE-2020-11022",
          "url": "https://bugzilla.suse.com/1190663"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
            "SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
            "SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
            "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
            "SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
            "SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
            "SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
            "SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
            "SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
            "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
            "SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
            "SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
            "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
            "SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
            "SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
            "SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
            "SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
            "SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
            "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-16T12:24:27Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-11022"
    },
    {
      "cve": "CVE-2020-8028",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8028"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
          "SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
          "SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
          "SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
          "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
          "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
          "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
          "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
          "SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
          "SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
          "SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
          "SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
          "SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
          "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
          "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
          "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
          "SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
          "SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
          "SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
          "SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
          "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
          "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
          "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
          "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
          "SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8028",
          "url": "https://www.suse.com/security/cve/CVE-2020-8028"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175884 for CVE-2020-8028",
          "url": "https://bugzilla.suse.com/1175884"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
            "SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
            "SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
            "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
            "SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
            "SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
            "SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
            "SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
            "SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
            "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Manager Proxy Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-broker-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-common-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-management-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-package-manager-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-redirect-4.0.14-3.10.3.noarch",
            "SUSE Manager Proxy Module 4.0:spacewalk-proxy-salt-4.0.14-3.10.3.noarch",
            "SUSE Manager Server Module 4.0:hibernate5-5.3.7-4.3.2.noarch",
            "SUSE Manager Server Module 4.0:image-sync-formula-0.1.1595937550.0285244-3.20.2.noarch",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.ppc64le",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.s390x",
            "SUSE Manager Server Module 4.0:openvpn-formula-0.1.1-4.6.2.x86_64",
            "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.1-3.10.2.noarch",
            "SUSE Manager Server Module 4.0:python3-spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:salt-netapi-client-0.17.0-4.6.3.noarch",
            "SUSE Manager Server Module 4.0:saltboot-formula-0.1.1595937550.0285244-3.19.2.noarch",
            "SUSE Manager Server Module 4.0:spacecmd-4.0.20-3.19.2.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.11-3.12.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-certs-tools-4.0.17-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-html-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-setup-4.0.14-3.14.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.37-3.39.1.noarch",
            "SUSE Manager Server Module 4.0:spacewalk-utils-4.0.18-3.21.3.noarch",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.ppc64le",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.s390x",
            "SUSE Manager Server Module 4.0:susemanager-4.0.28-3.36.3.x86_64",
            "SUSE Manager Server Module 4.0:susemanager-frontend-libs-4.0.2-4.3.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-schema-4.0.22-3.29.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-sls-4.0.29-3.31.3.noarch",
            "SUSE Manager Server Module 4.0:susemanager-sync-data-4.0.18-3.24.2.noarch",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.ppc64le",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.s390x",
            "SUSE Manager Server Module 4.0:susemanager-tools-4.0.28-3.36.3.x86_64",
            "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.23-3.30.3.noarch",
            "SUSE Manager Server Module 4.0:virtualization-host-formula-0.5-4.12.3.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-16T12:24:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-8028"
    }
  ]
}

CNVD-2020-52931

Vulnerability from cnvd - Published: 2020-09-21

Title

SUSE访问控制错误漏洞

Description

SUSE Manager是德国SUSE公司的一套Linux服务器管理系统。该系统提供自动化软件管理、系统配置和监控等功能。spacewalk是一套开源的Linux系统管理解决方案。 SUSE存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。目前没有详细的漏洞细节提供。

Severity

高

Patch Name

SUSE访问控制错误漏洞的补丁

Patch Description

SUSE Manager是德国SUSE公司的一套Linux服务器管理系统。该系统提供自动化软件管理、系统配置和监控等功能。spacewalk是一套开源的Linux系统管理解决方案。 SUSE存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.suse.com/pipermail/sle-security-updates/2020-September/007434.html?_ga=2.122236623.598270933.1600398914-1926214066.1598419888

Reference

https://bugzilla.suse.com/show_bug.cgi?id=1175884

Impacted products

Name
['SUSE SUSE Manager Server 4.1', 'SUSE SUSE Manager Server 3.2', 'SUSE SUSE Manager Server 4.0', 'SUSE SUSE Manager Proxy 4.0', 'SUSE SUSE Manager Retail Branch Server 4.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8028",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-8028"
    }
  },
  "description": "SUSE Manager\u662f\u5fb7\u56fdSUSE\u516c\u53f8\u7684\u4e00\u5957Linux\u670d\u52a1\u5668\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u81ea\u52a8\u5316\u8f6f\u4ef6\u7ba1\u7406\u3001\u7cfb\u7edf\u914d\u7f6e\u548c\u76d1\u63a7\u7b49\u529f\u80fd\u3002spacewalk\u662f\u4e00\u5957\u5f00\u6e90\u7684Linux\u7cfb\u7edf\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\n\nSUSE\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u9650\u5236\u6765\u81ea\u672a\u6388\u6743\u89d2\u8272\u7684\u8d44\u6e90\u8bbf\u95ee\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.suse.com/pipermail/sle-security-updates/2020-September/007434.html?_ga=2.122236623.598270933.1600398914-1926214066.1598419888",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-52931",
  "openTime": "2020-09-21",
  "patchDescription": "SUSE Manager\u662f\u5fb7\u56fdSUSE\u516c\u53f8\u7684\u4e00\u5957Linux\u670d\u52a1\u5668\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u81ea\u52a8\u5316\u8f6f\u4ef6\u7ba1\u7406\u3001\u7cfb\u7edf\u914d\u7f6e\u548c\u76d1\u63a7\u7b49\u529f\u80fd\u3002spacewalk\u662f\u4e00\u5957\u5f00\u6e90\u7684Linux\u7cfb\u7edf\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nSUSE\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u9650\u5236\u6765\u81ea\u672a\u6388\u6743\u89d2\u8272\u7684\u8d44\u6e90\u8bbf\u95ee\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SUSE\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SUSE SUSE Manager Server 4.1",
      "SUSE SUSE Manager Server 3.2",
      "SUSE SUSE Manager Server 4.0",
      "SUSE SUSE Manager Proxy 4.0",
      "SUSE SUSE Manager Retail Branch Server 4.0"
    ]
  },
  "referenceLink": "https://bugzilla.suse.com/show_bug.cgi?id=1175884",
  "serverity": "\u9ad8",
  "submitTime": "2020-09-18",
  "title": "SUSE\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

FKIE_CVE-2020-8028

Vulnerability from fkie_nvd - Published: 2020-09-17 10:15 - Updated: 2024-11-21 05:38

Severity ?

9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

	URL	Tags
	meissner@suse.de	https://bugzilla.suse.com/show_bug.cgi?id=1175884	Exploit, Issue Tracking, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.suse.com/show_bug.cgi?id=1175884	Exploit, Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
suse	salt-netapi-client	*
suse	manager_server	4.1
suse	salt-netapi-client	*
suse	manager_server	3.2
suse	salt-netapi-client	*
suse	manager_server	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:salt-netapi-client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D48DA175-6217-4420-9E2D-F67ED6C2AB3E",
              "versionEndExcluding": "0.17.0-3.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5810E98-7BF5-42E2-9DE9-661049ABE367",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:salt-netapi-client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56EC014D-79DA-4990-841C-901E4CD2D7D0",
              "versionEndExcluding": "0.16.0-4.14.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:manager_server:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1F68F28-E248-4424-9AD8-0D6294B9666F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:salt-netapi-client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC5421E8-063D-4467-A680-4A48E1C84AE8",
              "versionEndExcluding": "0.17.0-4.6.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51136B38-5715-49B3-BD8D-91F90632247D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de control de acceso inapropiado en la configuraci\u00f3n de la sal de SUSE Linux Enterprise Module para SUSE Manager Server versi\u00f3n 4.1, SUSE Manager Proxy versi\u00f3n 4.0, SUSE Manager Retail Branch Server versi\u00f3n 4.0, SUSE Manager Server versi\u00f3n 3.2, SUSE Manager Server versi\u00f3n 4.0 permite a los usuarios locales escalar a root en todos los sistemas gestionados por el administrador de SUSE.\u0026#xa0;En el propio nodo de gesti\u00f3n, el c\u00f3digo se puede ejecutar como la sal de usuario, lo que potencialmente permite una escalada a root ah\u00ed.\u0026#xa0;Este problema afecta a: SUSE Linux Enterprise Module para SUSE Manager Server versiones 4.1 google-gson anteriores a 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-.\u0026#xa0;SUSE Manager Proxy versiones 4.0 release-notes-susemanager-proxy anteriores a 4.0.9-0.16.38.1.\u0026#xa0;SUSE Manager Retail Branch Server versiones 4.0 release-notes-susemanager-proxy anteriores a 4.0.9-0.16.38.1.\u0026#xa0;SUSE Manager Server versiones 3.\u0026#xa0;2 salt-netapi-client anteriores a 0.16.0-4.14.1, spacewalk-.\u0026#xa0;SUSE Manager Server versiones 4.0 release-notes-susemanager anteriores a 4.0.9-3.54.1"
    }
  ],
  "id": "CVE-2020-8028",
  "lastModified": "2024-11-21T05:38:15.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 6.0,
        "source": "meissner@suse.de",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-17T10:15:15.323",
  "references": [
    {
      "source": "meissner@suse.de",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1175884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1175884"
    }
  ],
  "sourceIdentifier": "meissner@suse.de",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "meissner@suse.de",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-8028 (GCVE-0-2020-8028)

GHSA-PMMP-F225-R347

GSD-2020-8028

SUSE-SU-2020:2648-1

SUSE-SU-2020:2647-1

SUSE-SU-2020:2650-1

CNVD-2020-52931

FKIE_CVE-2020-8028

Tags

Sightings

Nomenclature