oss-sec mailing list archives

CVE-2019-13313, CVE-2019-13314: password disclosure via command line arguments


From: P J P <ppandit () redhat com>
Date: Mon, 8 Jul 2019 16:59:35 +0530 (IST)

  Hello,

CVE-2019-13313
Libosinfo: osinfo-install-script option leaks password via command line argument.
'osinfo-install-script' is used to generate a script for automated guest installations. It accepts user and admin passwords via command line arguments, thus leaking them via process listing.

CVE-2019-13314
virt-bootstrap: allows local users to discover root password via process listing.
virt-bootstrap 1.1.0 allows local users to discover a root password via process listing, because it's passed as a command line parameter via the --root-password option.

These issues were reported by Fabiano Fidêncio of Red Hat Inc.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
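
An audit sketch for the exposure both CVEs describe, added here as an example and not code from the advisory, libosinfo or virt-bootstrap: it parses the NUL-separated contents of /proc/<pid>/cmdline and reports the names of options that look password-bearing, never their values. The name pattern, the safe-suffix list and the sample command line are assumptions; only --root-password comes from the advisory.

```python
import os
import re

# Assumption: an option or key whose name contains "password"/"passwd" carries a secret.
INLINE = re.compile(r"(?:^|=)([\w-]*pass(?:word|wd)[\w-]*)=.", re.I)
BARE = re.compile(r"-[\w-]*pass(?:word|wd)[\w-]*", re.I)
SAFE_SUFFIXES = ("-file", "-fd")  # the value is a path or descriptor, not the secret


def secret_options(raw: bytes) -> list[str]:
    """Return names of secret-bearing options in a NUL-separated cmdline blob.

    Values are never returned, so the report does not repeat the leak.
    """
    argv = [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]
    found = []
    for i, arg in enumerate(argv):
        m = INLINE.search(arg)
        if m:                                   # --opt=value or --config=key=value
            name = m.group(1)
        elif BARE.fullmatch(arg) and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            name = arg                          # --opt value
        else:
            continue
        if not name.lower().endswith(SAFE_SUFFIXES):
            found.append(name)
    return found


def scan_proc(proc="/proc"):
    """Yield (pid, program, option) for every readable process on a Linux host."""
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:                         # process exited, or hidepid denies access
            continue
        for opt in secret_options(raw):
            yield int(pid), raw.split(b"\0", 1)[0].decode("utf-8", "replace"), opt


# Constructed sample: only --root-password comes from the advisory; the rest is invented.
SAMPLE = b"virt-bootstrap\0docker://fedora\0/tmp/rootfs\0--root-password\0example\0"

if __name__ == "__main__":
    print(secret_options(SAMPLE))
    for hit in scan_proc():
        print(*hit)
```

Run as an unprivileged user, the scan shows what any local account can see; options ending in -file or -fd are skipped because they pass a reference to the secret rather than the secret itself.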
