CVE-2019-10194

CWE-532Log File Information Exposure5 documents5 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 75.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RED HAT Ovirt-engine-metricsRedhat Virtualization Manager
Timeline
PublishedJul 11
Latest updateMay 24

Description

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5red_hat/ovirt-engine-metricsall versions

🔴Vulnerability Details

2
GHSA
GHSA-2rxg-f4r2-fm3c: Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions2022-05-24
CVEList
CVE-2019-10194: Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions2019-07-11

📋Vendor Advisories

1
Red Hat
ovirt-engine-metrics: disclosure of sensitive passwords in log files and ansible playbooks2019-02-26

💬Community

1
Bugzilla
CVE-2019-10194 ovirt-engine-metrics: disclosure of sensitive passwords in log files and ansible playbooks2019-07-02