Upstream information

CVE-2024-40120 at MITRE

Description

seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v3 Scores
CVSS detail CNA (CISA-ADP)
Base Score 6.5
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact Low
Integrity Impact Low
Availability Impact None
CVSSv3 Version 3.1
No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
Image SL-Micro-Base
Image SL-Micro-Base-RT
Image SL-Micro-Base-RT-SelfInstall
Image SL-Micro-Base-RT-encrypted
Image SL-Micro-Base-SelfInstall
Image SL-Micro-Base-encrypted
Image SL-Micro-Base-qcow
Image SLE-Micro
Image SLE-Micro-Azure
Image SLE-Micro-BYOS
Image SLE-Micro-BYOS-Azure
Image SLE-Micro-BYOS-EC2
Image SLE-Micro-BYOS-GCE
Image SLE-Micro-EC2
Image SLE-Micro-GCE
  • libgnutls30 >= 3.8.3-slfo.1.1_5.1
Image SL-Micro
Image SL-Micro-Default
Image SL-Micro-Default-SelfInstall
Image SL-Micro-Default-encrypted
Image SL-Micro-Default-qcow
  • gnutls >= 3.8.3-slfo.1.1_5.1
  • libgnutls30 >= 3.8.3-slfo.1.1_5.1
SUSE Linux Enterprise Server 16.0
  • govulncheck-vulndb >= 0.0.20250814T182633-160000.1.2
 Patchnames:
SUSE Linux Enterprise Server 16.0 GA govulncheck-vulndb-0.0.20250814T182633-160000.1.2
openSUSE Tumbleweed
  • govulncheck-vulndb >= 0.0.20250523T151856-1.1
 Patchnames:
openSUSE-Tumbleweed-2025-15159

SUSE Timeline for this CVE

CVE page created: Fri May 16 16:00:13 2025
CVE page last modified: Tue Dec 16 12:27:22 2025