Описание
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Quickstart Cloud Installer 1 | Distribution | Affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-732
https://bugzilla.redhat.com/show_bug.cgi?id=1366412QCI: creates world readable /var/lib/ovirt-engine/setup/engine-DC-config.py contains sensitive password
EPSS
Процентиль: 61%
0.00413
Низкий
7.1 High
CVSS3
4.9 Medium
CVSS2
Связанные уязвимости
CVSS3: 9.8
nvd
больше 8 лет назад
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
CVSS3: 9.8
github
больше 3 лет назад
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
EPSS
Процентиль: 61%
0.00413
Низкий
7.1 High
CVSS3
4.9 Medium
CVSS2