CVE-2019-13314

Published: Jul 5, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py.

Affected (1)

Products: Redhat: Virt Bootstrap

Redhat

1 product

Virt Bootstrap

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Virt Bootstrap	Version 1.1.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00080.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00026.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2019/07/08/3

Source: cve@mitre.org

Third Party Advisory

https://github.com/virt-manager/virt-bootstrap/releases

Source: cve@mitre.org

Release NotesThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2PQSLGSTPVQ5WQ4DDKFV4I262JIFXY6/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKMQLYAHCDIE5TBXWDNBG7554KWI5QT3/

Source: cve@mitre.org

https://www.redhat.com/archives/virt-tools-list/2019-July/msg00043.html

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00080.html