CVE-2019-10139

Name of the Vulnerable Software and Affected Versions cockpit-ovirt (affected versions not specified)

Description The issue is related to insufficient protection of registration data in the cockpit-ovirt plugin of the Red Hat Virtualization management software. During HE deployment, an Ansible variable file is generated, containing admin and appliance passwords in plain text. Although the file is deleted at the end of the deployment procedure, the vulnerability could potentially allow an attacker to disclose privileged user credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.