← Back

CVE-2017-15113

nvd nist
Published: Jul 27, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.6
Vector
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.7 / Impact: 5.9
Source: NVD

Description

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.

Affected (2)

Ovirt
1 product
Ovirt
Redhat
1 product
Virtualization
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ovirt
Before 4.1.7.6
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Virtualization
Version 4.1

Related CWEs

CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (8)

Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.