Ovirt-engine-setup Security Vulnerabilities

CVE-2018-1000018

An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log...

CVE-2018-1072

ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database...