CVE-2019-10139

Summary

During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.

Affected Software

VendorProductVersion RangeStatus
ovirtcockpit-ovirtn/aaffected

Weaknesses

  • CWE-522: CWE-522

ADP Enrichment

CVE Program Container

Additional References

References