UBUNTU-CVE-2019-10183

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2019-10183
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10183.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-10183
Upstream
Published
2019-07-03T14:15:00Z
Modified
2025-07-16T08:14:16.852994Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
  • 3.2 (Low) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.

References

Affected packages

Ubuntu:20.04:LTS / virt-manager

Package

Name
virt-manager
Purl
pkg:deb/ubuntu/virt-manager@1:2.2.1-3ubuntu2.1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.2.1-3ubuntu2.1

Affected versions

1:2.*
1:2.2.1-0ubuntu2
1:2.2.1-3ubuntu1
1:2.2.1-3ubuntu2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "1:2.2.1-3ubuntu2.1",
            "binary_name": "virt-manager"
        },
        {
            "binary_version": "1:2.2.1-3ubuntu2.1",
            "binary_name": "virtinst"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10183.json"

Ubuntu:22.04:LTS / virt-manager

Package

Name
virt-manager
Purl
pkg:deb/ubuntu/virt-manager@1:3.2.0-3?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.2.0-3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "1:3.2.0-3",
            "binary_name": "virt-manager"
        },
        {
            "binary_version": "1:3.2.0-3",
            "binary_name": "virtinst"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10183.json"