Lucene search

[email protected]NVD:CVE-2017-15113

HistoryJul 27, 2018 - 4:29 p.m.

CVE-2017-15113

2018-07-2716:29:00

CWE-212

CWE-532

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

68.3%

JSON

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.

Affected configurations

NVD

Node

ovirtovirtRange<4.1.7.6

Node

redhatvirtualizationMatch4.1

References

www.securityfocus.com/bid/101933

access.redhat.com/errata/RHEA-2017:3138

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113

gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc772127dbfe40789e26c4633ceea07d14%3Bhp=e6e8704ac9eb115624ff66e2965877d8e63a45f4

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

68.3%

JSON

Related for NVD:CVE-2017-15113

osv2 redhatcve1 cve1 prion1 cvelist1 github1 nessus2