PT-2017-8969 · Ovirt · Ovirt Engine
Andrej Nemec
+1
·
Publicado
2017-04-20
·
Atualizado
2017-04-25
·
CVE-2016-6341
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
oVirt Engine versions prior to 4.0.3
Description
The issue allows local users to obtain sensitive password information by reading engine log files, as the
DWH DB PASSWORD is not included in the list of keys to hide in log files.Recommendations
For versions prior to 4.0.3, update to version 4.0.3 or later to include
DWH DB PASSWORD in the list of keys to hide in log files, preventing local users from obtaining sensitive password information.Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ovirt Engine