Vulnerability Description
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ovirt | Ovirt | < 4.1.7.6 |
| Redhat | Virtualization | 4.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101933Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHEA-2017:3138Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113Issue TrackingPatchThird Party Advisory
- https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc77
- http://www.securityfocus.com/bid/101933Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHEA-2017:3138Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113Issue TrackingPatchThird Party Advisory
- https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc77
FAQ
What is CVE-2017-15113?
CVE-2017-15113 is a vulnerability with a CVSS score of 7.2 (HIGH). ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the ...
How severe is CVE-2017-15113?
CVE-2017-15113 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15113?
Check the references section above for vendor advisories and patch information. Affected products include: Ovirt Ovirt, Redhat Virtualization.