CVE-2017-15113

MEDIUM Year: 2017
CVSS v3 Score
6.6
Medium
CVSS v2 Score
3.5
Low
Weakness Type
CWE-212
View all →

Vulnerability Description

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.

Related Vulnerabilities

CVE-2020-14301

MEDIUM
CVSS:6.5(Medium)

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows ...

CWE-2122020

CVE-2020-26965

MEDIUM
CVSS:6.5(Medium)

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers...

CWE-2122020

CVE-2021-26341

MEDIUM
CVSS:6.5(Medium)

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.

CWE-2122021

CVE-2022-25187

MEDIUM
CVSS:6.5(Medium)

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.

CWE-2122022

CVE-2022-29900

MEDIUM
CVSS:6.5(Medium)

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CWE-2122022

CVE-2024-31493

MEDIUM
CVSS:6.5(Medium)

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated ...

CWE-2122024