ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101933 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHEA-2017:3138 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113 | Issue Tracking Patch Third Party Advisory |
https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc772127dbfe40789e26c4633ceea07d14%3Bhp=e6e8704ac9eb115624ff66e2965877d8e63a45f4 |
Configurations
History
No history.
Information
Published : 2018-07-27 16:29
Updated : 2024-02-04 20:03
NVD link : CVE-2017-15113
Mitre link : CVE-2017-15113
CVE.ORG link : CVE-2017-15113
JSON object : View
Products Affected
redhat
- virtualization
ovirt
- ovirt