CVE-2019-10183 — Sensitive Information Exposure in RED HAT Virt-install

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 66.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Virt-manager RED HAT Virt-install Redhat Enterprise Linux +1 more

Timeline

PublishedJul 3

Latest updateMay 24

Description

Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶Ubunturedhat/virt-manager< 1:2.2.1-3ubuntu2.1+1

▶NVDredhat/virt-manager2.2.0

▶debiandebian/virt-manager

▶CVEListV5red_hat/virt-installfrom virt-manager v2.2.0

Also affects: Enterprise Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-mjgr-85qm-mjv5: Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction↗2022-05-24

▶

OSV

CVE-2019-10183: Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction↗2019-07-03

▶

📋Vendor Advisories

Red Hat

virt-install: unattended option leaks password via command line argument↗2019-07-02

▶

Debian

CVE-2019-10183: virt-manager - Virt-install(1) utility used to provision new virtual machines has introduced an...↗2019

▶

💬Community

Bugzilla

CVE-2019-10183 virt-manager: virt-install: unattended option leaks password via command line argument [fedora-all]↗2019-07-03

▶

Bugzilla

CVE-2019-10183 virt-install: unattended option leaks password via command line argument↗2019-07-02

▶