GHSA-m833-87vf-576c

Source
https://github.com/advisories/GHSA-m833-87vf-576c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m833-87vf-576c/GHSA-m833-87vf-576c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m833-87vf-576c
Withdrawn
2023-08-18T21:25:10Z
Published
2022-05-13T01:37:34Z
Modified
2024-02-17T05:32:18.384738Z
Severity
  • 6.6 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
ovirt-engine Logs Plaintext Passwords To File
Details

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.

Database specific
{
    "nvd_published_at": "2018-07-27T16:29:00Z",
    "cwe_ids": [
        "CWE-532"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-25T22:33:08Z"
}
References

Affected packages

Maven / org.ovirt.engine.sdk:ovirt-engine-sdk-java

Package

Name
org.ovirt.engine.sdk:ovirt-engine-sdk-java
Purl
pkg:maven/org.ovirt.engine.sdk/ovirt-engine-sdk-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.1.7.6

Affected versions

1.*

1.0.0.1-1
1.0.0.2-1
1.0.0.3
1.0.0.3-1
1.0.0.4-1
1.0.0.5-1
1.0.0.6-1
1.0.0.7-1
1.0.0.8-1
1.0.0.9-1
1.0.0.10-1
1.0.0.11-1
1.0.0.16-1
1.0.0.17-1
1.0.0.18-1
1.0.0.19-1

3.*

3.3.3.0
3.3.5.0
3.4.0.1-1
3.4.0.2
3.4.0.7
3.4.1.1
3.4.1.2
3.4.3.0
3.4.4.0
3.5.0.2
3.5.0.3
3.5.0.4
3.5.0.5
3.5.1.0
3.5.2.0
3.5.2.1
3.5.4.0
3.5.6.0
3.6.0.0
3.6.0.1
3.6.0.3
3.6.3.0
3.6.8.0
3.6.10.0