CVE-2017-15113 Vulnerability Details

  /     /     /  

CVE-2017-15113 Metadata Quick Info

CVE Published: 27/07/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: redhat | Vendor: Red Hat | Product: ovirt-engine
Status : PUBLISHED

---

CVE-2017-15113 Description

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-212
CWE Name: CWE-212
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).