Total vulnerabilities in the database
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
| Software | From | Fixed in |
|---|---|---|
| libvirt / libvirt | - | 2.2 |
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / enterprise_linux | 6.0 | 6.0.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux | 5 | 5.x |
| redhat / enterprise_linux_server_tus | 7.3 | 7.3.x |
| redhat / enterprise_linux_server_aus | 7.3 | 7.3.x |
| redhat / enterprise_linux_server_aus | 7.4 | 7.4.x |
| redhat / enterprise_linux_server_eus | 7.3 | 7.3.x |
| redhat / enterprise_linux_server_eus | 7.4 | 7.4.x |
| redhat / enterprise_linux_server_eus | 7.5 | 7.5.x |
| redhat / enterprise_linux_eus | 7.3 | 7.3.x |
| redhat / enterprise_linux_eus | 7.4 | 7.4.x |
| redhat / enterprise_linux_eus | 7.5 | 7.5.x |
| redhat / virtualization | 3.0 | 3.0.x |
| redhat / enterprise_linux_server_tus | 7.6 | 7.6.x |
| redhat / enterprise_linux_server_eus | 7.6 | 7.6.x |
| redhat / enterprise_linux_server_aus | 7.6 | 7.6.x |
| redhat / enterprise_linux_eus | 7.6 | 7.6.x |