CVE-2019-10194
First published: Tue Jul 02 2019(Updated: )
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ovirt Ovirt | ||
| Redhat Virtualization Manager | =4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-10194?
CVE-2019-10194 is a vulnerability that affects oVirt Metrics and Redhat Virtualization Manager versions 4.3. It allows sensitive passwords used in deployment and configuration of the software to be disclosed in log files or playbooks.
How severe is CVE-2019-10194?
CVE-2019-10194 has a severity score of 5.5, which is classified as medium.
Which software versions are affected by CVE-2019-10194?
CVE-2019-10194 affects all versions of oVirt Metrics and specifically version 4.3 of Redhat Virtualization Manager.
How can sensitive passwords be disclosed in CVE-2019-10194?
Sensitive passwords can be disclosed in log files if playbooks are run with the -v flag or in playbooks stored on Metrics or Bastion hosts.
Where can I find more information about CVE-2019-10194?
You can find more information about CVE-2019-10194 at the following references: [1] [2] [3]
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-10194
- vendor/ovirt
- canonical/ovirt ovirt
- vendor/redhat
- canonical/redhat virtualization manager
- version/redhat virtualization manager/4.3