CVE-2024-7259

Опубликовано: 26 сент. 2024

Источник: redhat

CVSS3: 4.4

EPSS Низкий

Описание

A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Virtualization 4	ovirt-engine	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-312

https://bugzilla.redhat.com/show_bug.cgi?id=2314229ovirt-engine: potential exposure of cleartext Provider passwords via web ui

EPSS

Процентиль: 19%

0.00062

Низкий

4.4 Medium

CVSS3

Связанные уязвимости

CVE-2024-7259

CVSS3: 4.4

nvd

11 месяцев назад

A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

GHSA-9gxg-3rjh-xv63

CVSS3: 4.4

github

11 месяцев назад

A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

ELSA-2024-12701

oracle-oval

11 месяцев назад

ELSA-2024-12701: ovirt-engine security update (MODERATE)

EPSS

Процентиль: 19%

0.00062

Низкий

4.4 Medium

CVSS3