Sensitive passwords used in deployment and configuration of oVirt Metrics were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
Name: Avital Pinnick (Red Hat)
This issue has been addressed in the following products:
Red Hat Virtualization Engine 4.3
Via RHSA-2019:2499 https://access.redhat.com/errata/RHSA-2019:2499
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):