What is CVE-2017-15113?

CVE-2017-15113 is a high-severity vulnerability in Red Hat Ovirt-engine, classified under Improper Removal of Sensitive Information Before Storage or Transfer. CVSS score: 7.2/10. Published 2018-07-27.

How severe is CVE-2017-15113?

High severity. CVSS v3 base score is 7.2 out of 10.

Vulnerability in Red Hat Ovirt-engine

CVE-2017-15113

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-l…

EPSS: 0.003 (57.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H.

Affected products

Red Hat Ovirt-engine — versions 4.1.7.6

Weakness classification (CWE)

CWE-212 — Improper Removal of Sensitive Information Before Storage or Transfer

References

gerrit.ovirt.org/gitweb (x_refsource_CONFIRM)
101933 (vdb-entry, x_refsource_BID)
RHEA-2017:3138 (x_refsource_REDHAT, vendor-advisory)
bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2017-15113?: CVE-2017-15113 is a high-severity vulnerability in Red Hat Ovirt-engine, classified under Improper Removal of Sensitive Information Before Storage or Transfer. CVSS score: 7.2/10. Published 2018-07-27.
How severe is CVE-2017-15113?: High severity. CVSS v3 base score is 7.2 out of 10.