CVE-2019-10194

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/109140	Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:2499	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*

History

01 Mar 2023, 16:32

Type	Values Removed	Values Added
CPE		cpe:2.3:a:redhat:virtualization_manager:4.3:::::::*
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2019:2499 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2019:2499 - Third Party Advisory
References	~~(BID) http://www.securityfocus.com/bid/109140 - Third Party Advisory~~	(BID) http://www.securityfocus.com/bid/109140 - Broken Link, Third Party Advisory, VDB Entry

Information

Published : 2019-07-11 19:15

Updated : 2024-02-04 20:20

NVD link : CVE-2019-10194

Mitre link : CVE-2019-10194

CVE.ORG link : CVE-2019-10194

JSON object : View

Products Affected

redhat

virtualization_manager

ovirt

ovirt

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2019-10194", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.5}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-07-11T19:15:12.783", "references": [{"url": "http://www.securityfocus.com/bid/109140", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2499", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts."}, {"lang": "es", "value": "Contrase\u00f1as confidenciales utilizadas en la implementaci\u00f3n y configuraci\u00f3n de oVirt Metrics, todas las versiones. Se detect\u00f3 que no estaban suficientemente protegidas. Las contrase\u00f1as se pueden revelar en archivos de registro (si los playbooks se ejecutan con -v) o en los playbooks almacenados en los hosts de Metrics or Bastion."}], "lastModified": "2023-03-01T16:32:18.023", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1790798-FF13-427A-B10C-60359C6435D3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FA1A18F-D997-4121-A01B-FD9B3BF266CF"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}