PT-2019-11608 · Red Hat+2 · Virt-Manager+3

Prasad Pandit · Published 2019-07-03 · Updated 2024-06-15 · CVE-2019-10183

CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: virt-manager version 2.2.0
Description: The virt-install utility introduced an option, '--unattended', to create virtual machines without user interaction. This option accepts the guest VM password as a command-line argument, potentially leaking it to other users on the system via the process listing.
Recommendations: For virt-manager version 2.2.0, consider avoiding the use of the '--unattended' option until a secure alternative is available, or restrict access to process listings to minimize the risk of password exposure.
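
Added example (not part of the original advisory and not virt-manager code): a Python audit that reports virt-install processes whose '--unattended' argument carries a password in argv, and checks whether /proc is mounted with the Linux hidepid option, one way to restrict process listings. The suboption names in the sample data (admin-password, user-password, user-password-file) are assumptions, not taken from this page; only key names are reported, never the secret values.

```python
import glob
import re

SECRET_KEY = re.compile(r"password", re.IGNORECASE)

def unattended_value(argv):
    """Return the suboption string given to --unattended, or None."""
    for i, arg in enumerate(argv):
        if arg.startswith("--unattended="):
            return arg.split("=", 1)[1]
        if arg == "--unattended" and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            return argv[i + 1]
    return None

def exposed_keys(raw_cmdline):
    """Names of password suboptions whose value sits in argv (values are never returned)."""
    argv = [a.decode("utf-8", "replace") for a in raw_cmdline.split(b"\0") if a]
    if not any(a.endswith("virt-install") for a in argv[:2]):
        return []
    keys = []
    for item in (unattended_value(argv) or "").split(","):
        key, sep, val = item.partition("=")
        # Assumption: a "*-file" key carries a path to the secret, not the secret itself.
        if sep and val and SECRET_KEY.search(key) and not key.lower().endswith("-file"):
            keys.append(key)
    return keys

def proc_hides_other_users(mounts_text):
    """True if /proc is mounted with a hidepid setting other than 0/off."""
    for line in mounts_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1] == "/proc" and f[2] == "proc":
            opts = dict(o.partition("=")[::2] for o in f[3].split(","))
            return opts.get("hidepid", "0") not in ("0", "off")
    return False

def scan_proc():
    """Yield (pid, keys) for every readable process that exposes a password in argv."""
    for path in glob.glob("/proc/[0-9]*/cmdline"):
        try:
            with open(path, "rb") as fh:
                keys = exposed_keys(fh.read())
        except OSError:
            continue  # process exited or is hidden from this user
        if keys:
            yield int(path.split("/")[2]), keys

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        print("hidepid active:", proc_hides_other_users(fh.read()))
    for pid, keys in scan_proc():
        print(f"pid {pid}: password in argv via {', '.join(keys)}")
```

Run as an unprivileged user, the scan shows what any local account can see; with hidepid active it only covers that user's own processes.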

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

ALT-PU-2019-2209
ALT-PU-2019-2371
CESA-2019_3464
CVE-2019-10183
OPENSUSE-SU-2024:11500-1
RHSA-2019:3464
RHSA-2019_3464

Affected Products

Alt Linux
CentOS
Red Hat
Virt-Manager