CVE-2017-15113

7.2HIGH

Key Information:

Vendor: Red Hat
Status: Ovirt-engine
Vendor: CVE Published:; 27 July 2018

Summary

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.

Affected Version(s)

ovirt-engine 4.1.7.6

References

https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=co...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101933

vdb-entryx_refsource_BID

https://access.redhat.com/errata/RHEA-2017:3138

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 27, 2018
Vulnerability Reserved
Oct 8, 2017

.