CVE-2019-10183

Name
CVE-2019-10183
Description
Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.
NVD Severity
low
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10183
Third Party Advisory http://www.securityfocus.com/bid/109027
REDHAT https://access.redhat.com/errata/RHSA-2019:3464

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:redhat:virt-manager:2.2.0:*:*:*:*:*:*:* virt-manager == None == 2.2.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status