← volver
CVE-2019-10139

CVE-2019-10139

CVSS 5.6 MEDIUMEPSS 0.2%CWE-522
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Productos afectados
ovirt · cockpit-ovirt

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2019:2433https://access.redhat.com/errata/RHSA-2019:2437https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10139http://www.securityfocus.com/bid/108396