Description
The virt-install(1) utility, used to provision new virtual machines, introduced an '--unattended' option to create VMs without user interaction. This option accepts the guest VM password as a command-line argument, thus leaking it to other users on the system via the process listing. The option was introduced recently, in the virt-manager v2.2.0 release.
References (3)
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10183
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/109027
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3464
Scores
CVSS v3: 3.2
EPSS: 0.0014
EPSS Percentile: 33.2%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (2)
redhat/enterprise_linux 8.0
redhat/virt-manager 2.2.0
Published: Jul 03, 2019
Tracked Since: Feb 18, 2026