oss-sec mailing list archives
CVE-2019-13313, CVE-2019-13314: password disclosure via command line arguments
From: P J P <ppandit () redhat com>
Date: Mon, 8 Jul 2019 16:59:35 +0530 (IST)
Hello,

CVE-2019-13313 Libosinfo: osinfo-install-script option leaks password via command line argument.

'osinfo-install-script' is used to generate a script for automated guest installations. It accepts user and admin passwords via command line arguments, thus leaking them via process listing.

CVE-2019-13314 virt-bootstrap: allows local users to discover root password via process listing

virt-bootstrap 1.1.0 allows local users to discover a root password via process listing, because it's passed as command line parameter via --root-password option.

These issues were reported by Fabiano Fidêncio of Red Hat Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
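An audit sketch for the exposure class described above, added here as an example and not taken from the advisory or from either project's code: it parses the NUL-separated `/proc/<pid>/cmdline` format that process listings read and reports which option or key names carry a password value, without echoing the value itself. The name pattern and the sample command lines in the test are assumptions constructed for illustration.

```python
import os
import re

# Assumption of this example: option/key names containing these words carry secrets.
SECRET_NAME = re.compile(r"pass(word|wd|phrase)", re.I)

def parse_cmdline(raw):
    """Split the raw bytes of /proc/<pid>/cmdline (NUL-separated) into arguments."""
    if not raw:
        return []  # kernel threads expose an empty cmdline
    return [a.decode("utf-8", "replace") for a in raw.rstrip(b"\0").split(b"\0")]

def find_exposed_secrets(argv):
    """Return the option/key names whose value is visible in argv (values omitted)."""
    hits = []
    i = 1  # skip argv[0], the program name
    while i < len(argv):
        arg = argv[i]
        name, sep, value = arg.partition("=")
        if sep and value and SECRET_NAME.search(name):
            hits.append(name)  # "--opt=value" or "key=value" form
        elif not sep and arg.startswith("-") and SECRET_NAME.search(arg):
            # "--opt value" form: the next argument is the value unless it is an option
            if i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                hits.append(arg)
                i += 1
        i += 1
    return hits

def scan_proc(proc="/proc"):
    """Map pid -> exposed option names for every readable process (Linux only)."""
    findings = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "cmdline"), "rb") as f:
                hits = find_exposed_secrets(parse_cmdline(f.read()))
        except OSError:
            continue  # process exited or access denied
        if hits:
            findings[int(entry)] = hits
    return findings

if __name__ == "__main__":
    for pid, names in sorted(scan_proc().items()):
        print(f"pid {pid}: secret passed on command line via {', '.join(names)}")
```

Mounting `/proc` with `hidepid=2` limits which users can read other processes' command lines, but the durable fix is for the tool to take the secret from a file or standard input.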