ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ovirt ovirt |
||
redhat enterprise virtualization manager 4.2 |