Описание
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
Отчет
Released versions of Red Hat Enterprise Virtualization were not impacted by this issue in practice as the passwords were not saved in the answerfile during provisioning.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Virtualization 4 | ovirt-hosted-engine-setup | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-532
https://bugzilla.redhat.com/show_bug.cgi?id=1537904ovirt-hosted-engine-setup: root password exposed in log file
6.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 7.8
nvd
около 8 лет назад
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
CVSS3: 7.8
github
больше 3 лет назад
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
6.3 Medium
CVSS3