Back to bug 1371428
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Martin Prpič | 2016-08-30 08:17:55 UTC | Blocks | 1371429 | |
| Yedidyah Bar David | 2016-08-30 10:09:36 UTC | Group | private | |
| CC | didi | |||
| Martin Prpič | 2016-08-30 11:02:55 UTC | Group | private | |
| Kurt Seifried | 2016-08-30 15:45:20 UTC | Depends On | 1371612 | |
| Kurt Seifried | 2016-08-30 15:45:31 UTC | Depends On | 1371613 | |
| Kurt Seifried | 2016-09-28 19:53:23 UTC | Doc Text | It was found that the ovirt-engine-provisiondb utility did not correctly sanitize the authentication details used with the “—provision*db” options from the output before storing them in log files. This could allow an attacker with read access to these log files to obtain sensitive information such as passwords. | |
| Kurt Seifried | 2016-09-29 19:12:10 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Whiteboard | impact=moderate,public=20160830,reported=20160829,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N,cwe=CWE-312,rhev-m-4/ovirt-engine=affected,rhev-m-3/ovirt-engine=affected | impact=moderate,public=20160830,reported=20160829,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N,cwe=CWE-312,rhev-m-4/ovirt-engine=affected,rhev-m-3/ovirt-engine=wontfix | ||
| Last Closed | 2016-09-29 15:12:10 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:55:15 UTC | Whiteboard | impact=moderate,public=20160830,reported=20160829,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N,cwe=CWE-312,rhev-m-4/ovirt-engine=affected,rhev-m-3/ovirt-engine=wontfix |
Back to bug 1371428