ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2018:2071 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1075 | Issue Tracking Third Party Advisory |
https://gerrit.ovirt.org/#/c/91653/ | Vendor Advisory |
Configurations
History
13 Feb 2023, 04:53
Type | Values Removed | Values Added |
---|---|---|
CWE | ||
Summary | ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords. | |
References |
|
02 Feb 2023, 21:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was found in ovirt-engine. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords. |
Information
Published : 2018-06-12 13:29
Updated : 2023-12-10 12:30
NVD link : CVE-2018-1075
Mitre link : CVE-2018-1075
CVE.ORG link : CVE-2018-1075
JSON object : View
Products Affected
ovirt
- ovirt