CVE-2018-19456

Upstream information

CVE-2018-19456 at MITRE

Description

The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql.

---

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having low severity.

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

• SUSE-SU-2019:0024-1, published Mon Jan 7 16:08:59 MST 2019
• openSUSE-SU-2019:0021-1, published Sat, 12 Jan 2019 03:08:54 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Software Development Kit 12 SP3	libgit2 >= 0.24.1-7.9.1 libgit2-24 >= 0.24.1-7.9.1	Patchnames: SUSE-SLE-SDK-12-SP3-2019-24
SUSE Linux Enterprise Software Development Kit 12 SP4	libgit2 >= 0.24.1-7.9.1 libgit2-24 >= 0.24.1-7.9.1	Patchnames: SUSE-SLE-SDK-12-SP4-2019-24
SUSE Manager Server 3.1	libgit2 >= 0.24.1-7.9.1 libgit2-24 >= 0.24.1-7.9.1	Patchnames: SUSE-SUSE-Manager-Server-3.1-2019-24
SUSE Manager Server 3.2	libgit2 >= 0.24.1-7.9.1 libgit2-24 >= 0.24.1-7.9.1	Patchnames: SUSE-SUSE-Manager-Server-3.2-2019-24
openSUSE Leap 42.3	libgit2 >= 0.24.1-10.6.1 libgit2-24 >= 0.24.1-10.6.1 libgit2-24-32bit >= 0.24.1-10.6.1 libgit2-24-debuginfo >= 0.24.1-10.6.1 libgit2-24-debuginfo-32bit >= 0.24.1-10.6.1 libgit2-debugsource >= 0.24.1-10.6.1 libgit2-devel >= 0.24.1-10.6.1	Patchnames: openSUSE-2019-21