Sensitive data disclosure vulnerability

(CVE-2024-45718)

Summary

Sensitive data could be exposed to non-privileged users in a configuration file. Local access to the computer with a low-privileged account is required to access the configuration file containing the sensitive data.

Affected Products

Kiwi Syslog NG 1.3 and previous versions

Fixed Software Release

Kiwi Syslog NG 1.3.1

Advisory Details

Severity

4.6 Medium

Advisory ID

CVE-2024-45718

First Published

02/11/2025

Version

Kiwi NG 1.3.1

CVSS Score

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N