Published: 12/06/2018 Updated: 13/02/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ovirt ovirt

Synopsis Moderate: Red Hat Virtualization Manager security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for orgovirtengine-root is now available for Red Hat Virtualization Manager 42Red Hat Product Security has rated this update as having a security impact o ...

A flaw was found in ovirt-engine When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step Sharing the provisioning log might inadvertently leak database passwords ...

CWE-532 https://gerrit.ovirt.org/#/c/91653/https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1075 https://access.redhat.com/errata/RHSA-2018:2071 https://access.redhat.com/errata/RHSA-2018:2071 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2018-1075

CVE-2018-1075

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect