CVE-2017-7510

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ovirt-engine version 4.1

Description The issue allows the root password to be revealed through the REST interface if a host was provisioned with cloud-init.

Recommendations For ovirt-engine version 4.1, update to a version that includes a fix for this issue to prevent the root password from being revealed.

Fix

Information Disclosure

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-522

Related Identifiers

CVE-2017-7510

Affected Products

Ovirt Engine

CVE-2017-7510

Weakness Enumeration

Related Identifiers

Affected Products

References · 3