CVE-2017-15113

Published: Jul 27, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

7.2

HIGH

Description

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.

Vendor	Product	Versions
Red Hat	ovirt-engine	affected `4.1.7.6`

Weaknesses (CWE)

CWE-212

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc772127dbfe40789e26c4633ceea07d14%3Bhp=e6e8704ac9eb115624ff66e2965877d8e63a45f4

x_refsource_CONFIRM

101933

vdb-entry

x_refsource_BID

RHEA-2017:3138

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-15113

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References