CVE-2017-15113
7.2
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Summary
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | ovirt-engine | 4.1.7.6 | affected |
Weaknesses
- CWE-212: CWE-212
ADP Enrichment
CVE Program Container
Additional References
- https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc772127dbfe40789e26c4633ceea07d14%3Bhp=e6e8704ac9eb115624ff66e2965877d8e63a45f4
- http://www.securityfocus.com/bid/101933
- https://access.redhat.com/errata/RHEA-2017:3138
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113
References
- https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc772127dbfe40789e26c4633ceea07d14%3Bhp=e6e8704ac9eb115624ff66e2965877d8e63a45f4
- http://www.securityfocus.com/bid/101933
- https://access.redhat.com/errata/RHEA-2017:3138
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.