oVirt Engine prior to 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ovirt ovirt |