oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
References
Link | Resource |
---|---|
https://www.ovirt.org/release/4.0.3/ | Patch Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1369793 | Issue Tracking |
https://bugzilla.redhat.com/show_bug.cgi?id=1363816 | Issue Tracking |
http://www.securityfocus.com/bid/92665 | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2017-04-20 10:59
Updated : 2017-04-25 12:02
NVD link : CVE-2016-6341
Mitre link : CVE-2016-6341
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
ovirt
- ovirt