CVE-2019-10183

NameCVE-2019-10183
DescriptionVirt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
virt-manager (PTS)bullseye1:3.2.0-3fixed
bookworm1:4.1.0-2fixed
trixie1:5.0.0-3fixed
sid1:5.0.0-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
virt-managersource(unstable)(not affected)

Notes

- virt-manager <not-affected> (Vulnerable code introduced in v2.2.0)
https://www.redhat.com/archives/virt-tools-list/2019-July/msg00014.html
Search for package or bug name: Reporting problems