Описание
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
EPSS
5.6 Medium
CVSS3
7.8 High
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.
Уязвимость компонента /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var плагина cockpit-ovirt программного средства управления виртуализацией серверов и рабочих станций Red Hat Virtualization, позволяющая нарушителю раскрыть учетные данные привилегированного пользователя
EPSS
5.6 Medium
CVSS3
7.8 High
CVSS3
2.1 Low
CVSS2