A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Virtualization | Redhat | 4.0 (including) | 4.0 (including) |
Red Hat Virtualization Engine 4.4 | RedHat | ovirt-engine-0:4.5.3.2-1.el8ev | * |
Red Hat Virtualization Engine 4.4 | RedHat | ovirt-engine-dwh-0:4.5.7-1.el8ev | * |
Red Hat Virtualization Engine 4.4 | RedHat | ovirt-engine-ui-extensions-0:1.3.6-1.el8ev | * |
Red Hat Virtualization Engine 4.4 | RedHat | ovirt-web-ui-0:1.9.2-1.el8ev | * |