Vulnerabilities > CVE-2017-7510 - Unspecified vulnerability in Redhat Ovirt-Engine 4.1.0

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

NVD

Published: 2019-03-25

Updated: 2024-11-21

Summary

In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Ovirt Engine 4.1.0	1

Redhat

rpms

ovirt-engine-0:4.1.4.2-0.1.el7
ovirt-engine-backend-0:4.1.4.2-0.1.el7
ovirt-engine-dbscripts-0:4.1.4.2-0.1.el7
ovirt-engine-extensions-api-impl-0:4.1.4.2-0.1.el7
ovirt-engine-extensions-api-impl-javadoc-0:4.1.4.2-0.1.el7
ovirt-engine-lib-0:4.1.4.2-0.1.el7
ovirt-engine-restapi-0:4.1.4.2-0.1.el7
ovirt-engine-setup-0:4.1.4.2-0.1.el7
ovirt-engine-setup-base-0:4.1.4.2-0.1.el7
ovirt-engine-setup-plugin-ovirt-engine-0:4.1.4.2-0.1.el7
ovirt-engine-setup-plugin-ovirt-engine-common-0:4.1.4.2-0.1.el7
ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.1.4.2-0.1.el7
ovirt-engine-setup-plugin-websocket-proxy-0:4.1.4.2-0.1.el7
ovirt-engine-tools-0:4.1.4.2-0.1.el7
ovirt-engine-tools-backup-0:4.1.4.2-0.1.el7
ovirt-engine-userportal-0:4.1.4.2-0.1.el7
ovirt-engine-vmconsole-proxy-helper-0:4.1.4.2-0.1.el7
ovirt-engine-webadmin-portal-0:4.1.4.2-0.1.el7
ovirt-engine-websocket-proxy-0:4.1.4.2-0.1.el7
rhevm-0:4.1.4.2-0.1.el7

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.