1363738 – (CVE-2016-6310) CVE-2016-6310 ovirt-engine: ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD disclosed in log file

Bug 1363738 (CVE-2016-6310) - CVE-2016-6310 ovirt-engine: ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD disclosed in log file

Summary: CVE-2016-6310 ovirt-engine: ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD disclosed i...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2016-6310
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1360387 1366796 1370624 1370625
Blocks:	1363739
TreeView+	depends on / blocked

Reported:	2016-08-03 13:07 UTC by Martin Prpič
Modified:	2021-02-17 03:28 UTC (History)
CC List:	22 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2016-08-26 20:15:00 UTC
Embargoed:

Attachments	(Terms of Use)

Description Martin Prpič 2016-08-03 13:07:54 UTC

It was reported that the contents of the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD environment variable set by ovirt-engine are exposed in the /var/log/ovirt-engine/engine.log file.

Comment 1 Martin Prpič 2016-08-03 13:08:06 UTC

Acknowledgments:

Name: Jiri Belka (Red Hat)

Comment 4 Kurt Seifried 2016-08-26 20:15:00 UTC

This was fixed in RHEV 4.0 GA.

Note You need to log in before you can comment on or make changes to this bug.

aavati
alonbl
bmcclain
dblechte
eedri
fdeutsch
gklein
lsurette
mgoldboi
michal.skrivanek
nobody
rbalakri
rfortier
security-response-team
sgirijan
sherold
smohan
srevivo
ssaha
vbellur
ykaul
ylavi