CVE-2019-10183
Publication date 3 July 2019
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.
Status
Package | Ubuntu Release | Status |
---|---|---|
virt-manager | 22.04 LTS jammy |
Fixed 1:3.2.0-3
|
20.04 LTS focal |
Fixed 1:2.2.1-3ubuntu2.1
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 3.3 · Low |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |