CVE-2017-7510

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-7510
In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7510 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:ovirt-engine:4.1.0:-:*:*:*:*:*:*
History

12 Feb 2023, 23:30

Type Values Removed Values Added
Summary It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system. In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
References
  • {'url': 'https://access.redhat.com/errata/RHEA-2017:1814', 'name': 'https://access.redhat.com/errata/RHEA-2017:1814', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1456590', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1456590', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2017-7510', 'name': 'https://access.redhat.com/security/cve/CVE-2017-7510', 'tags': [], 'refsource': 'MISC'}
CWE CWE-522 CWE-200

02 Feb 2023, 21:17

Type Values Removed Values Added
Summary In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface. It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system.
References
  • (MISC) https://access.redhat.com/errata/RHEA-2017:1814 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1456590 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2017-7510 -
Information

Published : 2019-03-25 18:29

Updated : 2023-12-10 12:59

NVD link : CVE-2017-7510

Mitre link : CVE-2017-7510

CVE.ORG link : CVE-2017-7510

JSON object : View

Products Affected

redhat

  • ovirt-engine
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-522

Insufficiently Protected Credentials