Skip to main content

Quickstart Cloud Installer

4 CVEs product

Monthly

CVE-2016-5411 CRITICAL Act Now

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Quickstart Cloud Installer
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-7060 MEDIUM This Month

The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Quickstart Cloud Installer
NVD
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-6340 HIGH This Week

The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Quickstart Cloud Installer
NVD
CVSS 3.0
8.4
EPSS
0.1%
CVE-2016-6322 HIGH This Week

Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Quickstart Cloud Installer
NVD
CVSS 3.0
8.4
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL Act Now

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Quickstart Cloud Installer
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Quickstart Cloud Installer
NVD
EPSS 0% CVSS 8.4
HIGH This Week

The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Quickstart Cloud Installer
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Quickstart Cloud Installer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy