CVE-2019-10194
ovirt-engine-metrics: disclosure of sensitive passwords in log files and ansible playbooks
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
Contraseñas confidenciales utilizadas en la implementación y configuración de oVirt Metrics, todas las versiones. Se detectó que no estaban suficientemente protegidas. Las contraseñas se pueden revelar en archivos de registro (si los playbooks se ejecutan con -v) o en los playbooks almacenados en los hosts de Metrics or Bastion.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-03-27 CVE Reserved
- 2019-07-11 CVE Published
- 2024-07-04 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/109140 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:2499 | 2023-03-01 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194 | 2023-03-01 | |
| https://access.redhat.com/security/cve/CVE-2019-10194 | 2019-08-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1726007 | 2019-08-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ovirt Search vendor "Ovirt" | Ovirt Search vendor "Ovirt" for product "Ovirt" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Virtualization Manager Search vendor "Redhat" for product "Virtualization Manager" | 4.3 Search vendor "Redhat" for product "Virtualization Manager" and version "4.3" | - |
Affected
| ||||||