Bug 1456590 (CVE-2017-7510) - CVE-2017-7510 RHV 4: ovirt-engine exposes cloud-init root password via REST API
Summary: CVE-2017-7510 RHV 4: ovirt-engine exposes cloud-init root password via REST API
Status: NEW
Alias: CVE-2017-7510
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20170727,repor...
Keywords: Security
: 1456587 1456588 (view as bug list)
Depends On: 1456412 1472077
Blocks: 1456591
TreeView+ depends on / blocked
 
Reported: 2017-05-29 17:34 UTC by Kurt Seifried
Modified: 2019-06-08 22:02 UTC (History)
15 users (show)

(edit)
It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system.
Clone Of:
(edit)
Last Closed:


Attachments (Terms of Use)

Description Kurt Seifried 2017-05-29 17:34:15 UTC
It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system.

Comment 1 Kurt Seifried 2017-05-30 18:52:59 UTC
*** Bug 1456587 has been marked as a duplicate of this bug. ***

Comment 2 Kurt Seifried 2017-05-30 18:53:12 UTC
*** Bug 1456588 has been marked as a duplicate of this bug. ***

Comment 6 Doran Moppert 2019-03-18 02:39:00 UTC
This issue was addressed in RHEA-2017:1814 with ovirt-engine-4.1.3.2.


Note You need to log in before you can comment on or make changes to this bug.