CVE-2017-7510

CWE-200Information ExposureCWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
8.8HIGH
EPSS
0.2%
top 59.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
[unknown] RHVRedhat Ovirt-engine
Timeline
PublishedMar 25
Latest updateMay 13

Description

In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5[unknown]/rhv4.1

🔴Vulnerability Details

2
GHSA
GHSA-4mqp-w6v5-gr6x: In ovirt-engine 42022-05-13
CVEList
CVE-2017-7510: In ovirt-engine 42019-03-25

📋Vendor Advisories

1
Red Hat
4: ovirt-engine exposes cloud-init root password via REST API2017-07-27

💬Community

1
Bugzilla
CVE-2017-7510 RHV 4: ovirt-engine exposes cloud-init root password via REST API2017-05-29
CVE-2017-7510 (HIGH CVSS 8.8) | In ovirt-engine 4.1 | cvebase.io