Bug 1456590 (CVE-2017-7510) - CVE-2017-7510 RHV 4: ovirt-engine exposes cloud-init root password via REST API
Summary: CVE-2017-7510 RHV 4: ovirt-engine exposes cloud-init root password via REST API
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-7510
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 1456587 1456588 (view as bug list)
Depends On: 1456412 1472077
Blocks: 1456591
TreeView+ depends on / blocked
 
Reported: 2017-05-29 17:34 UTC by Kurt Seifried
Modified: 2021-10-27 10:52 UTC (History)
12 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2021-10-27 10:52:51 UTC
Embargoed:

Attachments (Terms of Use)

Description Kurt Seifried 2017-05-29 17:34:15 UTC 
It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system.
Comment 1 Kurt Seifried 2017-05-30 18:52:59 UTC 
*** Bug 1456587 has been marked as a duplicate of this bug. ***
Comment 2 Kurt Seifried 2017-05-30 18:53:12 UTC 
*** Bug 1456588 has been marked as a duplicate of this bug. ***
Comment 6 Doran Moppert 2019-03-18 02:39:00 UTC 
This issue was addressed in RHEA-2017:1814 with ovirt-engine-4.1.3.2.
Note You need to log in before you can comment on or make changes to this bug.