Power Management Credentials Exposure in ovirt-engine by Red Hat
CVE-2018-1074

7.7HIGH

Key Information:

Vendor: Unspecified
Status: Ovirt-engine
Vendor: CVE Published:; 26 April 2018

🔔 Create Unspecified Vulnerability Alert

What is CVE-2018-1074?

The ovirt-engine, an open-source virtualization management platform from Red Hat, is susceptible to a security flaw that exposes Power Management credentials. Prior to versions 4.2.2.5 and 4.1.11.2, sensitive information, including cleartext passwords for Host Administrators, can be accessed. This vulnerability allows a Host Administrator to manipulate the power management systems of their controlled hosts, leading to potential unauthorized actions within the virtual environment.

Affected Version(s)

ovirt-engine ovirt-engine 4.2.2.5

ovirt-engine ovirt-engine 4.1.11.2

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1074

x_refsource_CONFIRM

https://access.redhat.com/errata/RHBA-2018:1219

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2018
Vulnerability Reserved
Dec 4, 2017