CVE-2018-1075

ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords.
References
Configurations

Configuration 1

cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*

Information

Published : 2018-06-12 01:29

Updated : 2023-02-13 04:53


NVD link : CVE-2018-1075

Mitre link : CVE-2018-1075

Products Affected
No products.
CWE
CWE-532

Insertion of Sensitive Information into Log File