Vulnerability CVE-2017-15113

Vulnerability CVE-2017-15113

Published: 2018-07-27

Description:

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.

Type:

CWE-532

(Information Exposure Through Log Files)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.5/10	2.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Redhat -> Virtualization
Ovirt -> Ovirt

References:

http://www.securityfocus.com/bid/101933

https://access.redhat.com/errata/RHEA-2017:3138

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113

https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commitdiff;h=f4a5d0cc772127dbfe40789e26c4633ceea07d14;hp=e6e8704ac9eb115624ff66e2965877d8e63a45f4

Vulnerability CVE-2017-15113

CWE-532

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:N/A:N)

3.5/10

2.9/10

6.8/10

Remote

Medium

Single time

Partial

None

None

Affected software

References: