CVE-2019-10194

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhatCNA
5.9 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
ovirtovirt
*
redhatvirtualization_manager
4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/109140
https://access.redhat.com/errata/RHSA-2019:2499
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194
http://www.securityfocus.com/bid/109140
https://access.redhat.com/errata/RHSA-2019:2499
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194