PT-2018-5770 · Ovirt · Ovirt Engine

Published: 2018-07-27 · Updated: 2022-05-13 · CVE-2017-15113

CVSS v3.1: 7.2 (High)

Vector: AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ovirt-engine versions prior to 4.1.7.6
Description: The issue allows passwords to be included in log files without masking when the log level is set to DEBUG. This poses a risk when debug-level logs are shared with external parties for troubleshooting purposes. Only administrators can change the log level and access the logs.
Recommendations: For versions prior to 4.1.7.6, update to version 4.1.7.6 or later to resolve the issue. As a temporary workaround, consider setting the log level to a level other than DEBUG to prevent passwords from being logged, and restrict access to log files to minimize the risk of password exposure.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2017-15113
GHSA-M833-87VF-576C

Affected Products

Ovirt Engine