CVE-2018-1072
ovirt-engine-setup: unfiltered db password in engine-backup log
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords.
ovirt-engine en versiones anteriores a ovirt 4.2.2 es vulnerable a una exposición de información mediante archivos de log. Cuando engine-backup se ejecutaba con una de las opciones "--provision*db", el nombre de usuario y la contraseña de la base de la base de datos se registraban en texto claro. Compartir el log de aprovisionamiento podía fugar de manera inadvertida contraseñas de la base de datos.
A flaw was found in ovirt-engine. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-04 CVE Reserved
- 2018-06-26 CVE Published
- 2023-11-17 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1072 | Issue Tracking |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:2071 | 2019-10-09 | |
https://access.redhat.com/security/cve/CVE-2018-1072 | 2018-06-27 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1553522 | 2018-06-27 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1540622 | 2018-06-27 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ovirt Search vendor "Ovirt" | Ovirt Search vendor "Ovirt" for product "Ovirt" | < 4.2.2 Search vendor "Ovirt" for product "Ovirt" and version " < 4.2.2" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Virtualization Manager Search vendor "Redhat" for product "Enterprise Virtualization Manager" | 4.2 Search vendor "Redhat" for product "Enterprise Virtualization Manager" and version "4.2" | - |
Affected
|