Vulnerability CVE-2019-10183


Published: 2019-07-03

Description:
The virt-install(1) utility, used to provision new virtual machines, introduced an option '--unattended' to create VMs without user interaction. This option accepts the guest VM password as a command-line argument, which leaks it to other users on the system via the process listing. The option was introduced recently, in the virt-manager v2.2.0 release.

Type: CWE-200 (Information Exposure)

CVSS2 vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
Redhat -> Virt-manager 
Redhat -> Enterprise linux 

References:
http://www.securityfocus.com/bid/109027
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10183
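
Audit sketch for the exposure in the Description above: an added example, not code from this advisory or from virt-manager. It flags virt-install command lines that carry an inline password in '--unattended' and reports only the sub-option name, never the value. The sub-option names (admin-password, user-password, admin-password-file), the profile value and the sample command lines are assumptions not taken from this page.

```python
import os

# Assumption: inline password sub-options of '--unattended'; the advisory does not name them.
INLINE_SECRET_KEYS = ("admin-password", "user-password")

# Constructed sample command lines (not captured from a real system).
SAMPLE_RISKY = ["/usr/bin/python3", "/usr/bin/virt-install", "--name", "demo",
                "--unattended", "profile=desktop,admin-password=EXAMPLE-ONLY"]
SAMPLE_SAFE = ["virt-install", "--name", "demo",
               "--unattended", "profile=desktop,admin-password-file=/root/pw"]


def unattended_values(argv):
    """Yield each --unattended value, for '--unattended v' and '--unattended=v'."""
    for i, arg in enumerate(argv):
        if arg == "--unattended" and i + 1 < len(argv) and not argv[i + 1].startswith("--"):
            yield argv[i + 1]
        elif arg.startswith("--unattended="):
            yield arg.split("=", 1)[1]


def leaked_keys(argv):
    """Return names of inline password sub-options in a virt-install argv."""
    # virt-install is a script, so argv[0] may be the interpreter and argv[1] the tool.
    if not any(os.path.basename(a) == "virt-install" for a in argv[:2]):
        return []
    found = []
    for value in unattended_values(argv):
        for field in value.split(","):
            key, sep, secret = field.partition("=")
            if sep and secret and key in INLINE_SECRET_KEYS and key not in found:
                found.append(key)
    return found


def scan_proc(proc="/proc"):
    """Check every readable /proc/<pid>/cmdline; return {pid: [sub-option names]}."""
    hits = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                argv = fh.read().decode("utf-8", "replace").split("\0")
        except OSError:
            continue  # process exited, or cmdline is not readable
        keys = leaked_keys(argv)
        if keys:
            hits[int(pid)] = keys
    return hits
```

Calling scan_proc() on a Linux provisioning host lists the PIDs whose virt-install command line currently exposes a password to other local users.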
