Ovirt: Security Vulnerabilities
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
CVSS Score
7.8
EPSS Score
0.001
Published
2019-12-10
mom creates world-writable pid files in /var/run
CVSS Score
7.8
EPSS Score
0.001
Published
2019-12-02
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate)
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-25
ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-01
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.
CVSS Score
5.9
EPSS Score
0.001
Published
2019-07-11
During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ansible variable file `/var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var` which contains the admin and the appliance passwords as plain-text. At the of the deployment procedure, these files are deleted.
CVSS Score
5.6
EPSS Score
0.001
Published
2019-05-17
It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (eg Basic Operations) could exploit this flaw to delete disks attached to guests.
CVSS Score
6.5
EPSS Score
0.006
Published
2019-03-25
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.
CVSS Score
6.4
EPSS Score
0.001
Published
2019-03-25
It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-08-09
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
CVSS Score
7.2
EPSS Score
0.003
Published
2018-07-27