CVE-2019-10183 Information

Description

The virt-install(1) utility, used to provision new virtual machines, introduced an option ‘--unattended’ to create VMs without user interaction. This option accepts the guest VM password as a command-line argument, leaking it to other users on the system via the process listing. It was introduced recently in the virt-manager v2.2.0 release.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

http://www.securityfocus.com/bid/109027
https://access.redhat.com/errata/RHSA-2019:3464
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10183

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

3.3

Base Severity

LOW
