Vdsm
CVE-2022-0207
MEDIUM
Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text.
AnalysisAI
A race condition was found in vdsm. Rated medium severity (CVSS 4.7).
Technical ContextAI
This vulnerability is classified under CWE-362. A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text. Affected products include: Ovirt Vdsm, Redhat Virtualization, Redhat Virtualization For Ibm Power Little Endian, Redhat Virtualization Host.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. Rated medium severity (CV
It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. Rated med
Same weakness CWE-362 – Race Condition
View allSame technique Race Condition
View allShare
External POC / Exploit Code
Leaving vuln.today