CVE-2019-10194

EUVD-2019-2217
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhatCNA
5.9 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
ovirtovirt
*
redhatvirtualization_manager
4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/109140
https://access.redhat.com/errata/RHSA-2019:2499
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194
http://www.securityfocus.com/bid/109140
https://access.redhat.com/errata/RHSA-2019:2499
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194