CVE-2014-0199

CWE-310CWE-732Incorrect Permission Assignment5 documents5 sources
Severity
2.1LOW
EPSS
0.1%
top 82.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Rhevm-reports
Timeline
PublishedMay 29
Latest updateMay 17

Description

The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-cr4w-q8q3-vcf6: The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 32022-05-17
CVEList
CVE-2014-0199: The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 32014-05-29

📋Vendor Advisories

1
Red Hat
ovirt-engine-reports: setup script logs database password in cleartext2014-05-27

💬Community

1
Bugzilla
CVE-2014-0199 ovirt-engine-reports: setup script logs database password in cleartext2014-05-05