CVE Vulnerabilities

CVE-2022-2805

Cleartext Storage of Sensitive Information

Published: Oct 19, 2022 | Modified: May 09, 2025
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
5.1 MODERATE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Ubuntu

A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss.

Weakness

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Affected Software

Name Vendor Start Version End Version
Virtualization Redhat 4.0 (including) 4.0 (including)
Red Hat Virtualization Engine 4.4 RedHat ovirt-engine-0:4.5.3.2-1.el8ev *
Red Hat Virtualization Engine 4.4 RedHat ovirt-engine-dwh-0:4.5.7-1.el8ev *
Red Hat Virtualization Engine 4.4 RedHat ovirt-engine-ui-extensions-0:1.3.6-1.el8ev *
Red Hat Virtualization Engine 4.4 RedHat ovirt-web-ui-0:1.9.2-1.el8ev *

Potential Mitigations

References