Vulnerability in oVirt Ansible Roles Affects Red Hat Automation Tools
CVE-2018-1117

5MEDIUM

Key Information:

Vendor

[unknown]

Status
Ovirt-ansible-roles
Vendor
CVE Published:
20 June 2018

What is CVE-2018-1117?

The oVirt Ansible Roles prior to version 1.0.6 contains a significant vulnerability that arises from a missing no_log directive in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook. This deficiency can inadvertently expose sensitive information, specifically admin passwords, within the provisioning log files. If logs are shared with untrusted entities, this could lead to unauthorized privilege escalation, compromising the security of the entire system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ovirt-ansible-roles ovirt-ansible-roles 1.0.6

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1117
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104186
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2018:1452
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.