Описание
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.1.7.6 (исключая)
cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00344
Низкий
7.2 High
CVSS3
6.6 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-212
CWE-532
Связанные уязвимости
CVSS3: 7.2
redhat
около 8 лет назад
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
EPSS
Процентиль: 56%
0.00344
Низкий
7.2 High
CVSS3
6.6 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-212
CWE-532