CVE-2016-6341: Infoleak
First published: Wed Aug 24 2016(Updated: )
It was found that the value of property DWH_DB_PASSWORD can be found in the log files. Product bug: <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED CURRENTRELEASE - password DWH_DB_PASSWORD not hidden" href="show_bug.cgi?id=1363816">https://bugzilla.redhat.com/show_bug.cgi?id=1363816</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ovirt | <=4.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-6341?
CVE-2016-6341 has a medium severity rating due to the exposure of sensitive database passwords in log files.
How do I fix CVE-2016-6341?
To fix CVE-2016-6341, upgrade to a version of oVirt that addresses the logging issue and prevents sensitive information from being logged.
Which versions of oVirt are affected by CVE-2016-6341?
CVE-2016-6341 affects oVirt versions up to and including 4.0.2.
What information is exposed in CVE-2016-6341?
CVE-2016-6341 exposes the DWH_DB_PASSWORD property in log files, which can lead to potential unauthorized access.
Is there a workaround for CVE-2016-6341?
As a workaround for CVE-2016-6341, you can manually delete sensitive information from the logs, but updating to a secure version is recommended.
- agent/references
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-6341
- agent/remedy
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/ovirt
- canonical/ovirt
- version/ovirt/4.0.2