Lucene search

Veracode Vulnerability DatabaseVERACODE:21179

HistoryAug 13, 2019 - 12:29 a.m.

Information Disclosure

2019-08-1300:29:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

cockpit-ovirt is vulnerable to information disclosure. The admin and appliance passwords are saved in plaintext variable file during HE deployment.

CPENameOperatorVersion
cockpit-ovirteq0.10.7__0.0.18.el7ev
cockpit-ovirteq0.10.6__1.3.6.el7ev
cockpit-ovirteq0.10.7__0.0.23.el7ev
cockpit-ovirteq0.11.39__1.el7ev
cockpit-ovirteq0.10.7__0.0.21.el7ev
cockpit-ovirteq0.10.6__1.3.4.el7ev
cockpit-ovirteq0.11.33__1.el7ev
cockpit-ovirteq0.11.40__1.el7ev
cockpit-ovirteq0.12.7__1.el7ev
cockpit-ovirteq0.11.37__1.el7ev

Name	Operator	Version
cockpit-ovirt	eq	0.10.7__0.0.18.el7ev
cockpit-ovirt	eq	0.10.6__1.3.6.el7ev
cockpit-ovirt	eq	0.10.7__0.0.23.el7ev
cockpit-ovirt	eq	0.11.39__1.el7ev
cockpit-ovirt	eq	0.10.7__0.0.21.el7ev
cockpit-ovirt	eq	0.10.6__1.3.4.el7ev
cockpit-ovirt	eq	0.11.33__1.el7ev
cockpit-ovirt	eq	0.11.40__1.el7ev
cockpit-ovirt	eq	0.12.7__1.el7ev
cockpit-ovirt	eq	0.11.37__1.el7ev

Rows per page:

1-10 of 2801

References

www.securityfocus.com/bid/108396

access.redhat.com/errata/RHSA-2019:2433

access.redhat.com/errata/RHSA-2019:2437

access.redhat.com/security/cve/CVE-2019-10139

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1705911

bugzilla.redhat.com/show_bug.cgi?id=1709829

bugzilla.redhat.com/show_bug.cgi?id=1709938

bugzilla.redhat.com/show_bug.cgi?id=1719317

bugzilla.redhat.com/show_bug.cgi?id=1719327

bugzilla.redhat.com/show_bug.cgi?id=1723322

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10139

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:21179