{"containers":{"cna":{"affected":[{"product":"zypper","vendor":"SUSE","versions":[{"status":"affected","version":"n/a"}]}],"credits":[{"lang":"en","value":"Mario Biberhofer"}],"datePublic":"2018-03-01T00:00:00.000Z","descriptions":[{"lang":"en","value":"The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"Proxy credentials are writting into logfiles","lang":"en","type":"text"}]},{"descriptions":[{"description":"CVE-532","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-02-13T03:06:06.000Z","orgId":"f81092c5-7f14-476d-80dc-24857f90be84","shortName":"microfocus"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.suse.com/de-de/security/cve/CVE-2017-9271/"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1050625"},{"name":"FEDORA-2021-ebc1c35c5d","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/"}],"source":{"defect":["https://bugzilla.suse.com/show_bug.cgi?id=1050625"],"discovery":"EXTERNAL"},"title":"proxy credentials written to log files by zypper","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@microfocus.com","DATE_PUBLIC":"2018-03-01T00:00:00.000Z","ID":"CVE-2017-9271","STATE":"PUBLIC","TITLE":"proxy credentials written to log files by zypper"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"zypper","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"SUSE"}]}},"credit":[{"lang":"eng","value":"Mario Biberhofer"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Proxy credentials are writting into logfiles"}]},{"description":[{"lang":"eng","value":"CVE-532"}]}]},"references":{"reference_data":[{"name":"https://www.suse.com/de-de/security/cve/CVE-2017-9271/","refsource":"CONFIRM","url":"https://www.suse.com/de-de/security/cve/CVE-2017-9271/"},{"name":"https://bugzilla.suse.com/show_bug.cgi?id=1050625","refsource":"CONFIRM","url":"https://bugzilla.suse.com/show_bug.cgi?id=1050625"},{"name":"FEDORA-2021-ebc1c35c5d","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/"}]},"source":{"defect":["https://bugzilla.suse.com/show_bug.cgi?id=1050625"],"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T17:02:44.124Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.suse.com/de-de/security/cve/CVE-2017-9271/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1050625"},{"name":"FEDORA-2021-ebc1c35c5d","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VP2DNHXEQFHXBCTSREPNR7BU4EX64SQG/"}]}]},"cveMetadata":{"assignerOrgId":"f81092c5-7f14-476d-80dc-24857f90be84","assignerShortName":"microfocus","cveId":"CVE-2017-9271","datePublished":"2018-03-01T19:00:00.000Z","dateReserved":"2017-05-29T00:00:00.000Z","dateUpdated":"2024-09-16T23:26:26.290Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}