0.0004 Low
EPSS
Percentile
5.1%
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
bugzilla.redhat.com/show_bug.cgi?id=1369793