← back
CVE-2019-10194

CVE-2019-10194

CVSS 5.9 MEDIUMEPSS 0.3%CWE-532
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.9EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
11 Jul 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Affected products
Red Hat · ovirt-engine-metrics

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2019:2499https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10194http://www.securityfocus.com/bid/109140