CVE-2017-15113

Impact: Low
Public Date: 2017-11-13
CWE: CWE-212
Bugzilla: 1512365: CVE-2017-15113 ovirt-engine: DEBUG logging includes unmasked passwords

The MITRE CVE dictionary describes this issue as:

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.

Find out more about CVE-2017-15113 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 7.2
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required High
User Interaction Required
Scope Changed
Confidentiality High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Virtualization 4 (org.ovirt.engine-root) | RHEA-2017:3138 | 2017-11-07

Affected Packages State

Platform | Package | State
Red Hat Virtualization 4 | ovirt-engine | Affected
RHEV Manager 3 | ovirt-engine | Will not fix

Acknowledgements

This issue was discovered by Jiri Belka (Red Hat).

Last Modified

CVE description copyright © 2017, The MITRE Corporation
