Bug 1553529 (CVE-2018-1074)
Summary: | CVE-2018-1074 ovirt-engine: API exposes power management credentials to administrators | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Doran Moppert <dmoppert> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | bmcclain, dmoppert, eedri, lsurette, mgoldboi, michal.skrivanek, nobody, sbonazzo, security-response-team, sherold, srevivo, ykaul |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | ovirt-engine 4.2.2.5, ovirt-engine 4.1.11.2 | Doc Type: | If docs needed, set a value |
Doc Text: | The ovirt-engine API and administration web portal exposed Power Management credentials including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control. | ||
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-21 19:57:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1558800 | ||
Bug Blocks: | 1553207 |
Description
Doran Moppert
2018-03-09 02:03:01 UTC
Doran, which version is affected by this bug? Has this issue been already fixed? This bug has no useful information for addressing the issue. Is the issue handled in bug #1553207? I have no access to it.

This issue was addressed in Red Hat Virtualization Manager (ovirt-engine) 4.1.11 via: https://access.redhat.com/errata/RHBA-2018:1219