Description
ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords.
References (2)
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2071
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1072
Scores
CVSS v3: 5.0
EPSS: 0.0015
EPSS Percentile: 34.6%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Details
CWE: CWE-532
Status: published
Products (2)
ovirt/ovirt: < 4.2.2
redhat/enterprise_virtualization_manager: 4.2
Published: Jun 26, 2018
Tracked Since: Feb 18, 2026