[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-17954":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":264,"aliases":265,"duplicate_of":9,"upstream":266,"downstream":267,"duplicates":278,"related":279,"reserved_at":9,"published_at":285,"modified_at":286,"state":287,"summary":288,"references_raw":297,"kevs":303,"epss":304,"epss_history":307,"metrics":572,"affected":589},"CVE-2018-17954","An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-269","Improper Privilege Management","The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.","weakness","Draft","Class","Medium",[20,182,260],{"id":21,"name":22,"techniques":23},"CAPEC-122","Privilege Abuse",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1548","Abuse Elevation Control Mechanism",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,61,65,69,73,77,81,85,89,94,98,103,108,112,116,120,125,129,133,137,141,146,150,154,158,162,166,170,174,178],{"id":36,"name":37,"tactic":38},"D3-CI","Configuration Inventory",{"name":39},"Model",{"id":41,"name":42,"tactic":43},"D3-AM","Access Modeling",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DI","Data Inventory",{"name":39},{"id":49,"name":50,"tactic":51},"D3-NTPM","Network Traffic Policy Mapping",{"name":39},{"id":53,"name":54,"tactic":55},"D3-AEM","Application Exception Monitoring",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SCA","System Call Analysis",{"name":56},{"id":62,"name":63,"tactic":64},"D3-SFA","System File Analysis",{"name":56},{"id":66,"name":67,"tactic":68},"D3-FA","File Analysis",{"name":56},{"id":70,"name":71,"tactic":72},"D3-FIM","File Integrity Monitoring",{"name":56},{"id":74,"name":75,"tactic":76},"D3-OPM","Operational Process Monitoring",{"name":56},{"id":78,"name":79,"tactic":80},"D3-DA","Dynamic Analysis",{"name":56},{"id":82,"name":83,"tactic":84},"D3-EFA","Emulated File Analysis",{"name":56},{"id":86,"name":87,"tactic":88},"D3-PSA","Process Spawn Analysis",{"name":56},{"id":90,"name":91,"tactic":92},"D3-FEV","File Eviction",{"name":93},"Evict",{"id":95,"name":96,"tactic":97},"D3-AL","Account Locking",{"name":93},{"id":99,"name":100,"tactic":101},"D3-DF","Decoy File",{"name":102},"Deceive",{"id":104,"name":105,"tactic":106},"D3-FE","File Encryption",{"name":107},"Harden",{"id":109,"name":110,"tactic":111},"D3-AA","Agent Authentication",{"name":107},{"id":113,"name":114,"tactic":115},"D3-CDP","Change Default Password",{"name":107},{"id":117,"name":118,"tactic":119},"D3-SCP","System Configuration Permissions",{"name":107},{"id":121,"name":122,"tactic":123},"D3-RC","Restore Configuration",{"name":124},"Restore",{"id":126,"name":127,"tactic":128},"D3-RF","Restore File",{"name":124},{"id":130,"name":131,"tactic":132},"D3-ULA","Unlock Account",{"name":124},{"id":134,"name":135,"tactic":136},"D3-RUAA","Restore User Account Access",{"name":124},{"id":138,"name":139,"tactic":140},"D3-RD","Restore Database",{"name":124},{"id":142,"name":143,"tactic":144},"D3-SCF","System Call Filtering",{"name":145},"Isolate",{"id":147,"name":148,"tactic":149},"D3-CF","Content Filtering",{"name":145},{"id":151,"name":152,"tactic":153},"D3-LFP","Local File Permissions",{"name":145},{"id":155,"name":156,"tactic":157},"D3-RFAM","Remote File Access Mediation",{"name":145},{"id":159,"name":160,"tactic":161},"D3-CQ","Content Quarantine",{"name":145},{"id":163,"name":164,"tactic":165},"D3-CM","Content Modification",{"name":145},{"id":167,"name":168,"tactic":169},"D3-UAP","User Account Permissions",{"name":145},{"id":171,"name":172,"tactic":173},"D3-EAL","Executable Allowlisting",{"name":145},{"id":175,"name":176,"tactic":177},"D3-EDL","Executable Denylisting",{"name":145},{"id":179,"name":180,"tactic":181},"D3-HBPI","Hardware-based Process Isolation",{"name":145},{"id":183,"name":33,"techniques":184},"CAPEC-233",[185],{"id":25,"name":26,"tactics":186,"countermeasures":189},[187,188],{"id":29,"name":30},{"id":32,"name":33},[190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258],{"id":36,"name":37,"tactic":191},{"name":39},{"id":41,"name":42,"tactic":193},{"name":39},{"id":45,"name":46,"tactic":195},{"name":39},{"id":49,"name":50,"tactic":197},{"name":39},{"id":53,"name":54,"tactic":199},{"name":56},{"id":58,"name":59,"tactic":201},{"name":56},{"id":62,"name":63,"tactic":203},{"name":56},{"id":66,"name":67,"tactic":205},{"name":56},{"id":70,"name":71,"tactic":207},{"name":56},{"id":74,"name":75,"tactic":209},{"name":56},{"id":78,"name":79,"tactic":211},{"name":56},{"id":82,"name":83,"tactic":213},{"name":56},{"id":86,"name":87,"tactic":215},{"name":56},{"id":90,"name":91,"tactic":217},{"name":93},{"id":95,"name":96,"tactic":219},{"name":93},{"id":99,"name":100,"tactic":221},{"name":102},{"id":104,"name":105,"tactic":223},{"name":107},{"id":109,"name":110,"tactic":225},{"name":107},{"id":113,"name":114,"tactic":227},{"name":107},{"id":117,"name":118,"tactic":229},{"name":107},{"id":121,"name":122,"tactic":231},{"name":124},{"id":126,"name":127,"tactic":233},{"name":124},{"id":130,"name":131,"tactic":235},{"name":124},{"id":134,"name":135,"tactic":237},{"name":124},{"id":138,"name":139,"tactic":239},{"name":124},{"id":142,"name":143,"tactic":241},{"name":145},{"id":147,"name":148,"tactic":243},{"name":145},{"id":151,"name":152,"tactic":245},{"name":145},{"id":155,"name":156,"tactic":247},{"name":145},{"id":159,"name":160,"tactic":249},{"name":145},{"id":163,"name":164,"tactic":251},{"name":145},{"id":167,"name":168,"tactic":253},{"name":145},{"id":171,"name":172,"tactic":255},{"name":145},{"id":175,"name":176,"tactic":257},{"name":145},{"id":179,"name":180,"tactic":259},{"name":145},{"id":261,"name":262,"techniques":263},"CAPEC-58","Restful Privilege Elevation",[],[],[],[],[268,270,272,274,276],{"_key":269},"SUSE-SU-2020:0311-1",{"_key":271},"SUSE-SU-2020:0642-1",{"_key":273},"SUSE-SU-2020:2876-1",{"_key":275},"SUSE-SU-2020:2911-1",{"_key":277},"SUSE-SU-2020:0640-1",[],[280,281,282,283,284],{"_key":269},{"_key":271},{"_key":273},{"_key":275},{"_key":277},"2020-04-03T07:05:13.265Z","2024-09-16T20:02:21.821Z","Modified",{"cisa_kev":289,"cisa_ransomware":289,"cisa_vendor":9,"epss_severity":290,"epss_score":291,"severity":292,"severity_score":293,"severity_version":294,"severity_source":295,"severity_vector":296,"severity_status":287},false,"low",0.00042,"critical",9.3,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",[298],{"url":299,"sources":300,"tags":302},"https://bugzilla.suse.com/show_bug.cgi?id=1117080",[295,301],"nvd",[],[],{"date":305,"score":291,"percentile":306},"2026-06-04",0.12991,[308,311,314,317,320,323,325,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,385,388,391,394,397,400,403,406,409,411,414,417,420,423,426,429,432,435,438,441,444,447,450,453,456,459,462,465,468,471,473,476,479,482,485,488,491,494,497,500,503,506,509,512,515,518,521,524,527,530,533,536,539,542,545,548,551,554,557,560,562,565,567,570],{"date":309,"score":291,"percentile":310},"2025-11-04",0.12326,{"date":312,"score":291,"percentile":313},"2025-11-05",0.12354,{"date":315,"score":291,"percentile":316},"2025-11-06",0.12449,{"date":318,"score":291,"percentile":319},"2025-11-07",0.12465,{"date":321,"score":291,"percentile":322},"2025-11-08",0.1247,{"date":324,"score":291,"percentile":316},"2025-11-09",{"date":326,"score":291,"percentile":327},"2025-11-10",0.12404,{"date":329,"score":291,"percentile":330},"2025-11-11",0.12419,{"date":332,"score":291,"percentile":333},"2025-11-12",0.12402,{"date":335,"score":291,"percentile":336},"2025-11-13",0.1242,{"date":338,"score":291,"percentile":339},"2025-11-14",0.12436,{"date":341,"score":291,"percentile":342},"2025-11-15",0.12424,{"date":344,"score":291,"percentile":345},"2025-11-16",0.12414,{"date":347,"score":291,"percentile":348},"2025-11-17",0.12395,{"date":350,"score":291,"percentile":351},"2025-11-18",0.07952,{"date":353,"score":291,"percentile":354},"2025-11-19",0.07966,{"date":356,"score":291,"percentile":357},"2025-11-20",0.07999,{"date":359,"score":291,"percentile":360},"2025-11-21",0.12433,{"date":362,"score":291,"percentile":363},"2025-11-22",0.1244,{"date":365,"score":291,"percentile":366},"2025-11-23",0.12427,{"date":368,"score":291,"percentile":369},"2025-11-24",0.12381,{"date":371,"score":291,"percentile":372},"2025-11-25",0.12384,{"date":374,"score":291,"percentile":375},"2025-11-26",0.1238,{"date":377,"score":291,"percentile":378},"2025-11-27",0.12385,{"date":380,"score":291,"percentile":381},"2025-11-28",0.12371,{"date":383,"score":291,"percentile":384},"2025-11-29",0.12339,{"date":386,"score":291,"percentile":387},"2025-11-30",0.12342,{"date":389,"score":291,"percentile":390},"2025-12-01",0.12379,{"date":392,"score":291,"percentile":393},"2025-12-02",0.12392,{"date":395,"score":291,"percentile":396},"2025-12-03",0.12407,{"date":398,"score":291,"percentile":399},"2025-12-04",0.12389,{"date":401,"score":291,"percentile":402},"2025-12-05",0.12438,{"date":404,"score":291,"percentile":405},"2025-12-06",0.12448,{"date":407,"score":291,"percentile":408},"2025-12-07",0.12435,{"date":410,"score":291,"percentile":402},"2025-12-08",{"date":412,"score":291,"percentile":413},"2025-12-09",0.12495,{"date":415,"score":291,"percentile":416},"2025-12-10",0.12557,{"date":418,"score":291,"percentile":419},"2025-12-11",0.1258,{"date":421,"score":291,"percentile":422},"2025-12-12",0.12625,{"date":424,"score":291,"percentile":425},"2025-12-13",0.12642,{"date":427,"score":291,"percentile":428},"2025-12-14",0.12619,{"date":430,"score":291,"percentile":431},"2025-12-15",0.12572,{"date":433,"score":291,"percentile":434},"2025-12-16",0.12545,{"date":436,"score":291,"percentile":437},"2025-12-17",0.12634,{"date":439,"score":291,"percentile":440},"2025-12-18",0.12717,{"date":442,"score":291,"percentile":443},"2025-12-19",0.12732,{"date":445,"score":291,"percentile":446},"2025-12-20",0.12728,{"date":448,"score":291,"percentile":449},"2025-12-21",0.1271,{"date":451,"score":291,"percentile":452},"2025-12-22",0.12671,{"date":454,"score":291,"percentile":455},"2025-12-23",0.12675,{"date":457,"score":291,"percentile":458},"2025-12-24",0.12695,{"date":460,"score":291,"percentile":461},"2025-12-25",0.12768,{"date":463,"score":291,"percentile":464},"2025-12-26",0.12758,{"date":466,"score":291,"percentile":467},"2025-12-27",0.1276,{"date":469,"score":291,"percentile":470},"2025-12-28",0.12743,{"date":472,"score":291,"percentile":437},"2025-12-29",{"date":474,"score":291,"percentile":475},"2025-12-30",0.12617,{"date":477,"score":291,"percentile":478},"2025-12-31",0.12666,{"date":480,"score":291,"percentile":481},"2026-01-01",0.12696,{"date":483,"score":291,"percentile":484},"2026-01-02",0.12673,{"date":486,"score":291,"percentile":487},"2026-01-03",0.12637,{"date":489,"score":291,"percentile":490},"2026-01-04",0.12565,{"date":492,"score":291,"percentile":493},"2026-01-05",0.12506,{"date":495,"score":291,"percentile":496},"2026-01-06",0.12519,{"date":498,"score":291,"percentile":499},"2026-01-07",0.12552,{"date":501,"score":291,"percentile":502},"2026-01-08",0.12601,{"date":504,"score":291,"percentile":505},"2026-01-09",0.12623,{"date":507,"score":291,"percentile":508},"2026-01-10",0.12654,{"date":510,"score":291,"percentile":511},"2026-01-11",0.12628,{"date":513,"score":291,"percentile":514},"2026-01-12",0.12598,{"date":516,"score":291,"percentile":517},"2026-01-13",0.12576,{"date":519,"score":291,"percentile":520},"2026-01-14",0.12636,{"date":522,"score":291,"percentile":523},"2026-01-15",0.12641,{"date":525,"score":291,"percentile":526},"2026-01-16",0.12688,{"date":528,"score":291,"percentile":529},"2026-01-17",0.12702,{"date":531,"score":291,"percentile":532},"2026-01-18",0.12639,{"date":534,"score":291,"percentile":535},"2026-01-19",0.12581,{"date":537,"score":291,"percentile":538},"2026-01-20",0.12562,{"date":540,"score":291,"percentile":541},"2026-01-21",0.12534,{"date":543,"score":291,"percentile":544},"2026-01-22",0.125,{"date":546,"score":291,"percentile":547},"2026-01-23",0.12586,{"date":549,"score":291,"percentile":550},"2026-01-24",0.12635,{"date":552,"score":291,"percentile":553},"2026-01-25",0.12588,{"date":555,"score":291,"percentile":556},"2026-01-26",0.12526,{"date":558,"score":291,"percentile":559},"2026-01-27",0.12513,{"date":561,"score":291,"percentile":493},"2026-01-28",{"date":563,"score":291,"percentile":564},"2026-01-29",0.12487,{"date":566,"score":291,"percentile":544},"2026-01-30",{"date":568,"score":291,"percentile":569},"2026-01-31",0.12511,{"date":571,"score":291,"percentile":569},"2026-02-01",[573,578],{"source":295,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":574,"cvss_v4_0":9},{"baseScore":293,"baseSeverity":575,"vectorString":296,"impactScore":576,"exploitabilityScore":577},"CRITICAL",10,6.4,{"source":301,"cvss_v2_0":579,"cvss_v3_0":9,"cvss_v3_1":583,"cvss_v4_0":9},{"baseScore":580,"baseSeverity":9,"vectorString":581,"impactScore":576,"exploitabilityScore":582},7.2,"AV:L/AC:L/Au:N/C:C/I:C/A:C",3.9,{"baseScore":584,"baseSeverity":585,"vectorString":586,"impactScore":587,"exploitabilityScore":588},7.8,"HIGH","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",9.8,4.6,[590,603,609,620,628,636,643],{"ecosystem":9,"name":591,"vendor":592,"product":593,"cpe_part":594,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":595},"openstack cloud","suse","openstack_cloud","a",[596,599,601],{"version":597,"is_range":289,"range_type":598,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0","cpe",{"version":600,"is_range":289,"range_type":598,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":602,"is_range":289,"range_type":598,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":604,"vendor":592,"product":605,"cpe_part":594,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":606},"openstack cloud crowbar","openstack_cloud_crowbar",[607,608],{"version":600,"is_range":289,"range_type":598,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":602,"is_range":289,"range_type":598,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":610,"vendor":592,"product":611,"cpe_part":594,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":612},"SUSE OpenStack Cloud 7","suse openstack cloud 7",[613],{"version":614,"is_range":615,"range_type":295,"version_start":616,"version_start_type":617,"version_end":618,"version_end_type":619,"fixed_in":9},">= crowbar-core, \u003C 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-",true,"crowbar-core","including","4.0+git.1578392992.fabfd186c-9.63.1, crowbar-","excluding",{"ecosystem":9,"name":621,"vendor":592,"product":622,"cpe_part":594,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":623},"SUSE OpenStack Cloud 8","suse openstack cloud 8",[624],{"version":625,"is_range":615,"range_type":295,"version_start":626,"version_start_type":617,"version_end":627,"version_end_type":619,"fixed_in":9},">= ardana-cinder, \u003C 8.0+git.1579279939.ee7da88-3.39.3, ardana-","ardana-cinder","8.0+git.1579279939.ee7da88-3.39.3, ardana-",{"ecosystem":9,"name":629,"vendor":592,"product":630,"cpe_part":594,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":631},"SUSE OpenStack Cloud 9","suse openstack cloud 9",[632],{"version":633,"is_range":615,"range_type":295,"version_start":634,"version_start_type":617,"version_end":635,"version_end_type":619,"fixed_in":9},">= ardana-ansible, \u003C 9.0+git.1581611758.f694f7d-3.16.1, ardana-","ardana-ansible","9.0+git.1581611758.f694f7d-3.16.1, ardana-",{"ecosystem":9,"name":637,"vendor":592,"product":638,"cpe_part":594,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":639},"SUSE OpenStack Cloud Crowbar 8","suse openstack cloud crowbar 8",[640],{"version":641,"is_range":615,"range_type":295,"version_start":616,"version_start_type":617,"version_end":642,"version_end_type":619,"fixed_in":9},">= crowbar-core, \u003C 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-","5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-",{"ecosystem":9,"name":644,"vendor":592,"product":645,"cpe_part":594,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":646},"SUSE OpenStack Cloud Crowbar 9","suse openstack cloud crowbar 9",[647],{"version":648,"is_range":615,"range_type":295,"version_start":616,"version_start_type":617,"version_end":649,"version_end_type":619,"fixed_in":9},">= crowbar-core, \u003C 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-","6.0+git.1582892022.cbd70e833-3.19.3, crowbar-"]