Lucene search
K
RedhatQuickstart Cloud Installer

4 matches found

CVE
CVE
added 2017/04/14 6:0 p.m.71 views

CVE-2016-7060

CVE-2016-7060 describes a information-disclosure risk in Red Hat QuickStart Cloud Installer (QCI) 1.0 where the web interface does not mask password fields, enabling a physically proximate attacker to read passwords from the display. The CVSSv2/2.0 base score is 2.1 (LOW) with LOCAL attack vector...

4.6CVSS4.6AI score0.00416EPSS
CVE
CVE
added 2017/06/13 4:0 p.m.45 views

CVE-2016-5411

CVE-2016-5411 affects Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA. The file /var/lib/ovirt-engine/setup/engine-DC-config.py is world-readable and contains the deployed system’s root password, enabling potential information disclosure with high impact. The provided documents confirm thi...

10CVSS9.6AI score0.02276EPSS
CVE
CVE
added 2016/09/22 3:0 p.m.45 views

CVE-2016-6322

CVE-2016-6322 affects Red Hat QuickStart Cloud Installer (QCI). The issue is that /etc/qci/answers has world-readable permissions, enabling a local user to read the root password of the deployed system, which can lead to complete confidentiality/integrity/availability compromise of the deployed e...

8.4CVSS8AI score0.00391EPSS
CVE
CVE
added 2016/09/22 3:0 p.m.38 views

CVE-2016-6340

CVE-2016-6340 affects Red Hat QuickStart Cloud Installer (QCI): the kickstart file forces MD5 passwords on deployed systems, enabling brute-force recovery of cleartext passwords. This is described by NVD as high-impact (CVSS3 base 8.4) with local attacker access and strong confidentiality/integri...

8.4CVSS8.2AI score0.00386EPSS