Описание
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Virtualization 3 | ovirt-engine | Affected | ||
| Red Hat Virtualization 4 | ovirt-engine | Affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-312
https://bugzilla.redhat.com/show_bug.cgi?id=1369793ovirt-engine: DWH_DB_PASSWORD is in cleartext in the log files
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Связанные уязвимости
CVSS3: 5.5
nvd
почти 9 лет назад
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
CVSS3: 5.5
github
больше 3 лет назад
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
5.9 Medium
CVSS3
4.3 Medium
CVSS2