Vulnerability Description
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ovirt | Ovirt | All versions |
| Redhat | Virtualization Manager | 4.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/109140Broken LinkThird Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2019:2499Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194Issue TrackingVendor Advisory
- http://www.securityfocus.com/bid/109140Broken LinkThird Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2019:2499Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194Issue TrackingVendor Advisory
FAQ
What is CVE-2019-10194?
CVE-2019-10194 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with...
How severe is CVE-2019-10194?
CVE-2019-10194 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10194?
Check the references section above for vendor advisories and patch information. Affected products include: Ovirt Ovirt, Redhat Virtualization Manager.