2.1
CVSSv2

CVE-2018-1000018

Published: 24/01/2018 Updated: 03/10/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An information disclosure in ovirt-hosted-engine-setup before 2.2.7 reveals the root user's password in the log file.

Affected Products

Vendor Product Versions
OvirtOvirt-hosted-engine-setup1.0.0, 1.0.00.6, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.5.1, 1.2.5.2, 1.2.5.3, 1.2.6, 1.2.6.1, 1.3.0, 1.3.1, 1.3.1.1, 1.3.1.2, 1.3.1.3, 1.3.1.4, 1.3.2, 1.3.2.1, 1.3.2.2, 1.3.2.3, 1.3.3.0, 1.3.3.1, 1.3.3.2, 1.3.3.3, 1.3.3.4, 1.3.4.0, 1.3.5.0, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.7.3, 2.0.0, 2.0.0.1, 2.0.0.2, 2.0.1, 2.0.1.1, 2.0.1.2, 2.0.1.3, 2.0.1.4, 2.0.1.5, 2.0.2, 2.0.2.1, 2.0.2.2, 2.0.3, 2.0.4, 2.0.4.1, 2.0.4.2, 2.1.0, 2.1.0.1, 2.1.0.2, 2.1.0.3, 2.1.0.4, 2.1.0.5, 2.1.0.6, 2.1.1, 2.1.2, 2.1.3, 2.1.3.1, 2.1.3.2, 2.1.3.3, 2.1.3.4, 2.1.3.5, 2.1.3.6, 2.1.3.7, 2.1.3.8, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6

Vendor Advisories

An information disclosure in ovirt-hosted-engine-setup prior to 227 reveals the root user's password in the log file ...