{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2018-17956","assignerOrgId":"f81092c5-7f14-476d-80dc-24857f90be84","assignerShortName":"microfocus","datePublished":"2019-03-15T20:00:00.000Z","dateUpdated":"2024-09-17T02:01:08.906Z","dateReserved":"2018-10-03T00:00:00.000Z"},"containers":{"cna":{"title":"Password exposed in process listing","datePublic":"2019-01-07T00:00:00.000Z","providerMetadata":{"orgId":"f81092c5-7f14-476d-80dc-24857f90be84","shortName":"microfocus","dateUpdated":"2022-10-13T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list"}],"affected":[{"vendor":"SUSE","product":"yast2-samba-provision","versions":[{"version":"unspecified","lessThanOrEqual":"1.0.1","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1117597"}],"credits":[{"lang":"en","value":"Johannes Segitz of SUSE"}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","cweId":"CWE-200"}]}],"source":{"advisory":"https://bugzilla.suse.com/show_bug.cgi?id=1117597","defect":["1117597"],"discovery":"INTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T11:01:14.787Z"},"title":"CVE Program Container","references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1117597","tags":["x_transferred"]}]}]}}