CVE-2019-13313
Libosinfo: osinfo-install-script option leaks password via command line argument
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
libosinfo versión 1.5.0, permite a los usuarios locales descubrir credenciales mediante la enumeración de un proceso, porque las credenciales son pasadas en un script de instalación de osinfo por medio de la línea de comandos.
A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing.
The osinfo-db package contains a database that provides information about operating systems and hypervisor platforms to facilitate the automated configuration and provisioning of new virtual machines. The libosinfo packages provide a library that allows virtualization provisioning tools to determine the optimal device settings for a combination of hypervisor and operating system. A password leak vulnerability was addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-07-05 CVE Reserved
- 2019-07-05 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2019/07/08/3 | Mailing List |
|
| https://gitlab.com/libosinfo/libosinfo/-/tags | Release Notes | |
| https://gitlab.com/libosinfo/libosinfo/blob/master/NEWS | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.redhat.com/archives/libosinfo/2019-July/msg00026.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libosinfo Search vendor "Libosinfo" | Libosinfo Search vendor "Libosinfo" for product "Libosinfo" | 1.5.0 Search vendor "Libosinfo" for product "Libosinfo" and version "1.5.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 29 Search vendor "Fedoraproject" for product "Fedora" and version "29" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.1 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.6" | - |
Affected
| ||||||