CVE-2018-1075
CVE-2018-1075 is a vulnerability of currently unknown severity. ovirt-engine up to version 4.2.3 does not filter the database password from its logs when manual db provisioning is chosen. When engine-setup was run and the user chose to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
ovirt-engine up to version 4.2.3 does not filter the database password from its logs when manual db provisioning is chosen. When engine-setup was run and the user chose to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ovirt | Ovirt | < 4.2.3 |
References
- https://access.redhat.com/errata/RHSA-2018:2071 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1075 (Issue Tracking, Third Party Advisory)
- https://gerrit.ovirt.org/#/c/91653/ (Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
