CVE-2024-7259: Cleartext Storage of Sensitive Info in Ovirt-engine

Severity: 4.9 MEDIUM (NVD)
EPSS: 0.2% (top 64.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Published: Sep 26

Description

A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (1 package)

NVD: ovirt/ovirt-engine < 4.5.7

🔴 Vulnerability Details (2)

GHSA: GHSA-9gxg-3rjh-xv63: A flaw was found in oVirt (2024-09-26)
CVEList: Ovirt-engine: potential exposure of cleartext provider passwords via web ui (2024-09-26)

📋 Vendor Advisories (1)

Red Hat: ovirt-engine: potential exposure of cleartext Provider passwords via web ui (2024-09-26)

💬 Community (1)

Bugzilla: CVE-2024-26718 kernel: dm-crypt, dm-verity: disable tasklets (2024-04-03)