Due to a missing no_log directive, the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosed admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation.
This issue has been addressed in the following products:
Red Hat Virtualization Engine 4.1
Via RHSA-2018:1452 https://access.redhat.com/errata/RHSA-2018:1452