The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2014-0199 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 2.1 |
---|---|
Base Metrics | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Access Vector | Local |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | None |
Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
RHEV Manager 3 (ovirt_engine_reports-root) | RHSA-2014:0558 | 2014-05-27 |
Platform | Package | State |
---|---|---|
RHEV Manager 3 | ovirt-engine-reports | Will not fix |