ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1072 | Issue Tracking Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:2071 | Third Party Advisory |
Information
Published : 2018-06-26 11:29
Updated : 2019-10-09 16:38
NVD link : CVE-2018-1072
Mitre link : CVE-2018-1072
JSON object : View
CWE
CWE-532
Insertion of Sensitive Information into Log File
Products Affected
ovirt
- ovirt
redhat
- enterprise_virtualization_manager