CVE-2025-46809 | THREATINT

Description

A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.23.1: from ? before 5.0.14-150600.4.17.1; Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.14-150600.4.17.1; Image SLES15-SP4-Manager-Proxy-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.33-150400.3.55.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.33-150400.3.55.2; SUSE Manager Proxy Module 4.3: from ? before 4.3.33-150400.3.55.2; SUSE Manager Server Module 4.3: from ? before 4.3.33-150400.3.55.2.

PUBLISHED Reserved 2025-04-30 | Published 2025-07-31 | Updated 2025-09-03 | Assigner suse

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

MEDIUM: 5.7CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Problem types

CWE-256: Plaintext Storage of a Password

Product status

Default status

unaffected

? (custom) before 4.3.33-150400.3.55.2

affected

Default status

unaffected

? (custom) before 5.0.14-150600.4.17.1

affected

Default status

unaffected

? (custom) before 5.0.14-150600.4.17.1

affected

Default status

unaffected

? (custom) before 4.3.33-150400.3.55.2

affected

Default status

unaffected

? (custom) before 4.3.33-150400.3.55.2

affected

Default status

unaffected

? (custom) before 4.3.33-150400.3.55.2

affected

Default status

unaffected

? (custom) before 4.3.33-150400.3.55.2

affected

Default status

unaffected

? (custom) before 4.3.33-150400.3.55.2

affected

Default status

unaffected

? (custom) before 4.3.33-150400.3.55.2

affected

Default status

unaffected

? (custom) before 4.3.33-150400.3.55.2

affected

Default status

unaffected

? (custom) before 4.3.33-150400.3.55.2

affected

Default status

unaffected

? (custom) before 4.3.33-150400.3.55.2

affected

Default status

unaffected

? (custom) before 4.3.33-150400.3.55.2

affected

Credits

Oscar Barrios of SUSE finder

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46809

cve.org (CVE-2025-46809)

nvd.nist.gov (CVE-2025-46809)

Download JSON