virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py.

Reference:
https://github.com/virt-manager/virt-bootstrap/releases
https://www.redhat.com/archives/virt-tools-list/2019-July/msg00043.html
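An added example, not from this report or the virt-bootstrap project: an audit helper that parses a NUL-separated command line, flags secret-bearing options such as `--root-password` that carry a literal value, and returns a redacted argv suitable for logging. The sample command line, the `file:`/`env:` indirection prefixes and the helper names are assumptions made for illustration.

```python
# --root-password is the option named in this report; extend for other tools.
SECRET_OPTIONS = {"--root-password"}
# Assumed convention for this example: these prefixes reference a secret
# stored elsewhere, so the value itself is not sensitive.
INDIRECT_PREFIXES = ("file:", "env:")
MASK = "********"


def split_cmdline(raw):
    """Split a NUL-separated argv (the /proc/<pid>/cmdline layout on Linux)."""
    parts = raw.split(b"\0")
    if parts and parts[-1] == b"":
        parts.pop()  # drop the empty piece after the trailing NUL
    return [p.decode("utf-8", "replace") for p in parts]


def audit_argv(argv):
    """Return (findings, redacted_argv) for one argument vector."""
    findings, redacted = [], []
    i = 0
    while i < len(argv):
        if argv[i] == "--":  # everything after "--" is positional
            redacted.extend(argv[i:])
            break
        name, sep, value = argv[i].partition("=")
        if name not in SECRET_OPTIONS:
            redacted.append(argv[i])
            i += 1
            continue
        has_value = True
        if not sep:  # "--opt VALUE" form: the value is the next element
            has_value = i + 1 < len(argv)
            value = argv[i + 1] if has_value else ""
            i += 1
        i += 1
        literal = bool(value) and not value.startswith(INDIRECT_PREFIXES)
        if literal:
            findings.append(name)
        shown = MASK if literal else value
        if sep:
            redacted.append(name + "=" + shown)
        else:
            redacted.extend([name, shown] if has_value else [name])
    return findings, redacted


# Constructed sample; SOURCE and DEST stand in for the real positional arguments.
SAMPLE = b"python3\0virt_bootstrap.py\0SOURCE\0DEST\0--root-password\0CONSTRUCTED-pw\0"
print(audit_argv(split_cmdline(SAMPLE)))
```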
Created virt-bootstrap tracking bugs for this issue: Affects: fedora-all [bug 1727771]
Acknowledgments: Name: Fabiano Fidêncio (Red Hat)
External References: https://www.openwall.com/lists/oss-security/2019/07/08/3
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.