CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-10139

During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.7%

CVSS Severity

CVSS v3 Score 5.6

CVSS v2 Score 2.1

References

http://www.securityfocus.com/bid/108396
https://access.redhat.com/errata/RHSA-2019:2433
https://access.redhat.com/errata/RHSA-2019:2437
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10139
http://www.securityfocus.com/bid/108396
https://access.redhat.com/errata/RHSA-2019:2433
https://access.redhat.com/errata/RHSA-2019:2437
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10139

Products affected by CVE-2019-10139

Ovirt » Cockpit-Ovirt » Version: N/A

cpe:2.3:a:ovirt:cockpit-ovirt:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10139

Products

Pricing

Contact Us