CVE-2024-7259

Опубликовано: 26 сент. 2024

Источник: redhat

CVSS3: 4.4

Описание

A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Virtualization 4	ovirt-engine	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-312

https://bugzilla.redhat.com/show_bug.cgi?id=2314229ovirt-engine: potential exposure of cleartext Provider passwords via web ui

4.4 Medium

CVSS3

Связанные уязвимости

CVE-2024-7259

CVSS3: 4.4

nvd

около 1 года назад

A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

GHSA-9gxg-3rjh-xv63

CVSS3: 4.4

github

около 1 года назад

A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

ELSA-2024-12701

oracle-oval

около 1 года назад

ELSA-2024-12701: ovirt-engine security update (MODERATE)

4.4 Medium

CVSS3