CVE-2015-5969

The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.

CVSS v3 6.2 MEDIUM
CVSS v2.0 2.1 LOW

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html
https://bugzilla.suse.com/957174
https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:12:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1::::::

History

07 Nov 2023, 02:26

Type	Values Removed	Values Added
References	~~(SUSE) https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html - Vendor Advisory~~	() https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html -
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html - Vendor Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html -
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html - Vendor Advisory~~	() http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html -
References	~~(CONFIRM) https://bugzilla.suse.com/957174 -~~	() https://bugzilla.suse.com/957174 -
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html - Vendor Advisory~~	() http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html -

Information

Published : 2016-04-08 15:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-5969

Mitre link : CVE-2015-5969

CVE.ORG link : CVE-2015-5969

JSON object : View

Products Affected

opensuse

leap
opensuse

suse

linux_enterprise_server
linux_enterprise_desktop
linux_enterprise_workstation_extension
linux_enterprise_software_development_kit

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

6.2 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2015-5969

6.2^/10

2.1^/10

Attach tags to `CVE-2015-5969`