CVE-2017-15113

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-07-27 16:29

Updated : 2024-02-04 20:03


NVD link : CVE-2017-15113

Mitre link : CVE-2017-15113

CVE.ORG link : CVE-2017-15113


JSON object : View

Products Affected

redhat

  • virtualization

ovirt

  • ovirt
CWE
CWE-532

Insertion of Sensitive Information into Log File

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer