Oval Definition:oval:org.opensuse.security:def:20183760
Revision Date:2022-06-30
Version:1
Title:CVE-2018-3760
Description:

There is an information leak vulnerability in Sprockets. Versions affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem outside an application's root directory when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately.
Family:unix
Class:vulnerability
Status:
Reference(s):CVE-2018-3760
SUSE-SU-2018:1994-1
SUSE-SU-2018:2176-1
SUSE-SU-2018:2217-1
SUSE-SU-2018:2603-1
SUSE-SU-2018:2762-1
SUSE-SU-2018:3073-1
openSUSE-SU-2018:1854-1
openSUSE-SU-2018:2124-1
Mitre CVE-2018-3760
SUSE CVE-2018-3760
Platform(s):openSUSE Leap 15.0
openSUSE Leap 42.3
openSUSE Tumbleweed
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15 SP1
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • ruby2.1-rubygem-sprockets-3.3.5-5.3 is installed
  • AND ruby2.1-rubygem-sprockets is signed with openSUSE key
  • OR
  • ruby2.1-rubygem-sprockets-doc-3.3.5-5.3 is installed
  • AND ruby2.1-rubygem-sprockets-doc is signed with openSUSE key
  • OR
  • ruby2.2-rubygem-sprockets-3.3.5-5.3 is installed
  • AND ruby2.2-rubygem-sprockets is signed with openSUSE key
  • OR
  • ruby2.2-rubygem-sprockets-doc-3.3.5-5.3 is installed
  • AND ruby2.2-rubygem-sprockets-doc is signed with openSUSE key
  • OR
  • ruby2.3-rubygem-sprockets-3.3.5-5.3 is installed
  • AND ruby2.3-rubygem-sprockets is signed with openSUSE key
  • OR
  • ruby2.3-rubygem-sprockets-doc-3.3.5-5.3 is installed
  • AND ruby2.3-rubygem-sprockets-doc is signed with openSUSE key
  • OR
  • ruby2.4-rubygem-sprockets-3.3.5-5.3 is installed
  • AND ruby2.4-rubygem-sprockets is signed with openSUSE key
  • OR
  • ruby2.4-rubygem-sprockets-doc-3.3.5-5.3 is installed
  • AND ruby2.4-rubygem-sprockets-doc is signed with openSUSE key
  • OR
  • rubygem-sprockets-3.3.5-5.3 is installed
  • AND rubygem-sprockets is signed with openSUSE key
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 is installed
  • AND Package Information
  • ruby2.5-rubygem-sprockets-3.7.2-3.3 is installed
  • OR rubygem-sprockets-3.7.2-3.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • crowbar-5.0+git.1528696845.81a7b5d0-3.3.1 is installed
  • OR crowbar-core-5.0+git.1533887407.6e9b0412d-3.8.2 is installed
  • OR crowbar-core-branding-upstream-5.0+git.1533887407.6e9b0412d-3.8.2 is installed
  • OR crowbar-devel-5.0+git.1528696845.81a7b5d0-3.3.1 is installed
  • OR crowbar-ha-5.0+git.1530177874.35b9099-3.3.1 is installed
  • OR crowbar-init-5.0+git.1520420379.d5bbb35-3.3.1 is installed
  • OR crowbar-openstack-5.0+git.1534167599.d325ef804-4.8.2 is installed
  • OR crowbar-ui-1.2.0+git.1533844061.4ac8e723-3.3.1 is installed
  • OR ruby2.1-rubygem-sprockets-2_12-2.12.5-1.4.1 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • crowbar-4.0+git.1528801103.f5708341-7.20.1 is installed
  • OR crowbar-core-4.0+git.1534246408.3ab19c567-9.33.1 is installed
  • OR crowbar-core-branding-upstream-4.0+git.1534246408.3ab19c567-9.33.1 is installed
  • OR crowbar-devel-4.0+git.1528801103.f5708341-7.20.1 is installed
  • OR crowbar-ha-4.0+git.1533750802.5768e73-4.34.1 is installed
  • OR crowbar-openstack-4.0+git.1534254269.ce598a9fe-9.39.1 is installed
  • OR crowbar-ui-1.1.0+git.1533844061.4ac8e723-4.3.1 is installed
  • OR ruby2.1-rubygem-sprockets-2_12-2.12.5-1.3.1 is installed
  • OR rubygem-sprockets-2_12 is affected
  • Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • ruby2.5-rubygem-sprockets-3.7.2-lp150.2.3 is installed
  • AND ruby2.5-rubygem-sprockets is signed with openSUSE key
  • OR
  • ruby2.5-rubygem-sprockets-doc-3.7.2-lp150.2.3 is installed
  • AND ruby2.5-rubygem-sprockets-doc is signed with openSUSE key
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 15 SP1 is installed
  • AND ruby2.5-rubygem-sprockets-3.7.2-3.3 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Availability 15 is installed
  • AND
  • ruby2.5-rubygem-sprockets-3.7.2-3.3 is installed
  • OR rubygem-sprockets-3.7.2-3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 SP1 is installed
  • AND ruby2.5-rubygem-sprockets-3.7.2-3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 SP1 is installed
  • AND ruby2.5-rubygem-sprockets-3.7.2-3.3.1 is installed
  • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • ruby2.7-rubygem-sprockets-4.0.2-1.7 is installed
  • OR ruby2.7-rubygem-sprockets-3.7-3.7.2-1.10 is installed
  • OR ruby3.0-rubygem-sprockets-4.0.2-1.7 is installed
  • OR ruby3.0-rubygem-sprockets-3.7-3.7.2-1.10 is installed
  • OR ruby3.1-rubygem-sprockets-4.0.3-1.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 15 SP1 is installed
  • AND ruby2.5-rubygem-sprockets-3.7.2-3.3.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Availability 15 is installed
  • AND ruby2.5-rubygem-sprockets-3.7.2-3.3.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Availability 15 SP1 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP1 is installed
  • OR SUSE Linux Enterprise Server 15 SP1 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • OR SUSE Manager Proxy 4.0 is installed
  • OR SUSE Manager Retail Branch Server 4.0 is installed
  • OR SUSE Manager Server 4.0 is installed
  • AND ruby2.5-rubygem-sprockets-3.7.2-3.3.1 is installed