Ovirt · Ovirt-Hosted-Engine-Setup · CVE-2018-1000018
Name of the Vulnerable Software and Affected Versions:
ovirt-hosted-engine-setup versions prior to 2.2.7
Description:
An information disclosure issue reveals the root user's password in the log file.
Recommendations:
For versions prior to 2.2.7, update to version 2.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the log file to minimize the risk of exploitation.