Medium severity5.0OSV Advisory· Published Jun 20, 2018· Updated Jun 17, 2026

CVE-2018-1117

Description

ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Ovirt/Ovirt AnsibleOSV
Range: 1.0.0, 1.0.2, 1.0.3, …

Patches

Vulnerability mechanics

References

www.securityfocus.com/bid/104186nvdThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2018:1452nvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.325
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000