Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-10183

Опубликовано: 02 июл. 2019
Источник: redhat
CVSS3: 2.8
EPSS Низкий

Описание

Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.

The virt-install utility used to provision new virtual machines, in virt-manager v2.2.0, has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments. An attacker could obtain these passwords though process listings on the system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5virt-managerNot affected
Red Hat Enterprise Linux 6virt-managerNot affected
Red Hat Enterprise Linux 7virt-managerNot affected
Red Hat Enterprise Linux 8virt-managerFixedRHSA-2019:346405.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1726232virt-install: unattended option leaks password via command line argument

EPSS

Процентиль: 34%
0.00139
Низкий

2.8 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-10183

CVSS3: 3.2
ubuntu
больше 6 лет назад

Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.

nvd логотип

CVE-2019-10183

CVSS3: 3.2
nvd
больше 6 лет назад

Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.

debian логотип

CVE-2019-10183

CVSS3: 3.2
debian
больше 6 лет назад

Virt-install(1) utility used to provision new virtual machines has int ...

github логотип

GHSA-mjgr-85qm-mjv5

CVSS3: 3.3
github
больше 3 лет назад

Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.

oracle-oval логотип

ELSA-2019-3464

oracle-oval
около 6 лет назад

ELSA-2019-3464: virt-manager security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 34%
0.00139
Низкий

2.8 Low

CVSS3