PT-2024-19170 · Suse · Suse Manager Server

Cédric Bosdonnat · Published 2024-11-18 · Updated 2025-02-14 · CVE-2024-22037

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SUSE Manager Server (affected versions not specified)

Description

The issue is an exposure of sensitive system information. The uyuni-server-attestation systemd service requires the database password to be supplied as an environment variable. The file containing this variable has 640 permissions and cannot be read directly by ordinary users, but systemd still exposes the service's environment to non-privileged users, potentially leading to unauthorized access.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
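
To check a host for the exposure described above, the following added example (not part of the advisory and not SUSE code) parses the output of `systemctl show --property=Environment` and reports the names, never the values, of variables that look like credentials. The name patterns, the sample line and the variable names in it are constructed assumptions, and values containing spaces are assumed to be shell-quoted in the output.

```python
"""List secret-looking variable names that systemd exposes for a unit."""
import re
import shlex
import subprocess
import sys

# Heuristic name patterns for credentials (assumed; extend for your estate).
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token|api_?key|credential", re.I)


def exposed_secret_names(show_output: str) -> list[str]:
    """Parse `systemctl show --property=Environment` output.

    Returns the names (never the values) of variables whose name looks
    like a credential. Assumes values containing spaces are shell-quoted.
    """
    names = []
    for line in show_output.splitlines():
        if not line.startswith("Environment="):
            continue
        body = line[len("Environment="):]
        try:
            tokens = shlex.split(body)
        except ValueError:  # unbalanced quote: fall back to whitespace split
            tokens = body.split()
        for token in tokens:
            name, sep, _value = token.partition("=")
            name = name.strip("\"'")
            if sep and SECRET_NAME.search(name):
                names.append(name)
    return names


def audit_unit(unit: str) -> list[str]:
    """Query systemd as the current (unprivileged) user for one unit."""
    out = subprocess.run(
        ["systemctl", "show", "--property=Environment", unit],
        capture_output=True, text=True, check=True,
    ).stdout
    return exposed_secret_names(out)


if __name__ == "__main__":
    # Constructed sample, not output from a real SUSE Manager host.
    sample = 'Environment=LANG=C database_password=REDACTED "JAVA_OPTS=-Xmx1g -Dkey=v"\n'
    print("sample:", exposed_secret_names(sample))
    for unit in sys.argv[1:]:
        print(unit, audit_unit(unit))
```

Run it as an unprivileged user with one or more unit names as arguments; any name it reports is readable by every local account regardless of the permissions on the file that defines it.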

Weakness Enumeration

Related Identifiers

CVE-2024-22037
OPENSUSE-SU-2025_0525-1
SUSE-RU-2024:4008-1
SUSE-SU-2025:0524-1
SUSE-SU-2025:0525-1
SUSE-SU-2025:0532-1
SUSE-SU-2025:20124-1

Affected Products

Suse Manager Server
Suse