Main Vulnerability Database Vulnerabilities #VU33023

Information disclosure - CVE-2019-10183

Published: July 3, 2019 / Updated: August 3, 2020

Vulnerability identifier: #VU33023

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-10183

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.

How to mitigate CVE-2019-10183

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/109027
https://access.redhat.com/errata/RHSA-2019:3464
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10183

Information disclosure - CVE-2019-10183

Detailed vulnerability description

How to mitigate CVE-2019-10183

Sources

Please verify you're human