Описание
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Virtualization 3 | ovirt-engine | Will not fix | ||
| Red Hat Virtualization Engine 4.1 | org.ovirt.engine-root | Fixed | RHEA-2017:3138 | 07.11.2017 |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-212
https://bugzilla.redhat.com/show_bug.cgi?id=1512365ovirt-engine: DEBUG logging includes unmasked passwords
7.2 High
CVSS3
Связанные уязвимости
CVSS3: 7.2
nvd
больше 7 лет назад
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
7.2 High
CVSS3