CVE-2019-10139 – cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment

https://notcve.org/view.php?id=CVE-2019-10139

During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted. Durante la implementación de HE a través de cockpit-ovirt, cockpit-ovirt genera un archivo variable ansible `/ var / lib / ovirt-hosts-configuración-cockpit / ansibleVarFileXXXXXX.var` que contiene las contraseñas del administrador y del dispositivo como plain-text. En el momento del procedimiento de implementación, estos archivos se suprimen. • http://www.securityfocus.com/bid/108396 https://access.redhat.com/errata/RHSA-2019:2433 https://access.redhat.com/errata/RHSA-2019:2437 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10139 https://access.redhat.com/security/cve/CVE-2019-10139 https://bugzilla.redhat.com/show_bug.cgi?id=1709829 • CWE-311: Missing Encryption of Sensitive Data CWE-522: Insufficiently Protected Credentials •