CVE-2017-15113
Summary
| CVE | CVE-2017-15113 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-27 16:29:00 UTC |
| Updated | 2023-11-07 02:39:00 UTC |
| Description | ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues. |
Risk And Classification
Problem Types: CWE-532
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ovirt | Ovirt | All | All | All | All |
| Application | Ovirt | Ovirt | All | All | All | All |
| Application | Redhat | Virtualization | 4.1 | All | All | All |
| Application | Redhat | Virtualization | 4.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| gerrit.ovirt Code Review - ovirt-engine.git/commitdiff | gerrit.ovirt.org | ||
| oVirt Engine CVE-2017-15113 Debug Logging Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| 1512365 – (CVE-2017-15113) CVE-2017-15113 ovirt-engine: DEBUG logging includes unmasked passwords | CONFIRM | bugzilla.redhat.com | Issue Tracking, Patch, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| gerrit.ovirt Code Review - ovirt-engine.git/commitdiff | CONFIRM | gerrit.ovirt.org | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.