Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10194 | 1 Ovirt | 1 Ovirt | 2020-10-15 | 2.1 LOW | 5.5 MEDIUM |
| Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts. | |||||
| CVE-2017-15113 | 2 Ovirt, Redhat | 2 Ovirt, Virtualization | 2019-10-09 | 3.5 LOW | 6.6 MEDIUM |
| ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues. | |||||
| CVE-2016-6341 | 1 Ovirt | 1 Ovirt | 2017-04-25 | 2.1 LOW | 5.5 MEDIUM |
| oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files. | |||||