In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7510 | Issue Tracking Third Party Advisory |
Configurations
History
12 Feb 2023, 23:30
Type | Values Removed | Values Added |
---|---|---|
Summary | In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface. | |
References |
|
|
CWE | CWE-200 |
02 Feb 2023, 21:17
Type | Values Removed | Values Added |
---|---|---|
Summary | It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system. | |
References |
|
Information
Published : 2019-03-25 18:29
Updated : 2023-12-10 12:59
NVD link : CVE-2017-7510
Mitre link : CVE-2017-7510
CVE.ORG link : CVE-2017-7510
JSON object : View
Products Affected
redhat
- ovirt-engine