Описание
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=14565904: ovirt-engine exposes cloud-init root password via REST API
EPSS
Процентиль: 48%
0.00253
Низкий
6.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 8.8
nvd
почти 7 лет назад
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
CVSS3: 8.8
github
больше 3 лет назад
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
EPSS
Процентиль: 48%
0.00253
Низкий
6.5 Medium
CVSS3