Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/109140 | Broken Link Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2019:2499 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194 | Issue Tracking Vendor Advisory |
Configurations
History
01 Mar 2023, 16:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:* | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2499 - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/109140 - Broken Link, Third Party Advisory, VDB Entry |
Information
Published : 2019-07-11 19:15
Updated : 2024-02-04 20:20
NVD link : CVE-2019-10194
Mitre link : CVE-2019-10194
CVE.ORG link : CVE-2019-10194
JSON object : View
Products Affected
redhat
- virtualization_manager
ovirt
- ovirt
CWE
CWE-532
Insertion of Sensitive Information into Log File