Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.

Published : 2019-07-03 14:15 Updated : 2019-10-09 23:44

CVSS Score More info
Score 2.1 / 10
Vendor Product Version URI
Redhat Virt-manager 2.2.0 cpe:/a:redhat:virt-manager:2.2.0
Redhat Enterprise Linux 8.0 cpe:/o:redhat:enterprise_linux:8.0
  1. Redhat (2) Search CVE
    1. Virt-manager (1) Search CVE
      1. 2.2.0
    2. Enterprise Linux (1) Search CVE
      1. 8.0


ID Name Description Links
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. CVE

History of changes

Date Event
2019-07-12 16:08
2019-07-03 16:01