Описание
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates (which could then be used to steal other sensitive information such as passwords).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Gluster Storage 3.1 | org.ovirt.engine-root | Will not fix | ||
| RHEV Manager version 3.6 | org.ovirt.engine-root | Fixed | RHSA-2016:1929 | 21.09.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.9 Medium
CVSS2
Связанные уязвимости
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
EPSS
4.9 Medium
CVSS2