← voltar
CVE-2019-10139

CVE-2019-10139

CVSS 5.6 MEDIUMEPSS 0.2%CWE-522
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Produtos afetados
ovirt · cockpit-ovirt

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2019:2433https://access.redhat.com/errata/RHSA-2019:2437https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10139http://www.securityfocus.com/bid/108396