Candidate: CVE-2019-10183
PublicDate: 2019-07-03 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10183
 https://www.redhat.com/archives/virt-tools-list/2019-July/msg00014.html
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10183
Description:
 Virt-install(1) utility used to provision new virtual machines has
 introduced an option '--unattended' to create VMs without user interaction.
 This option accepts guest VM password as command line arguments, thus
 leaking them to others users on the system via process listing. It was
 introduced recently in the virt-manager v2.2.0 release.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [3.3 LOW]


Patches_virt-manager:
upstream_virt-manager: released (2.2.1)
precise/esm_virt-manager: DNE
trusty_virt-manager: ignored (out of standard support)
trusty/esm_virt-manager: DNE
xenial_virt-manager: not-affected (code not present)
bionic_virt-manager: not-affected (code not present)
cosmic_virt-manager: not-affected (code not present)
disco_virt-manager: not-affected (code not present)
eoan_virt-manager: ignored (reached end-of-life)
focal_virt-manager: released (1:2.2.1-3ubuntu2.1)
groovy_virt-manager: ignored (reached end-of-life)
hirsute_virt-manager: released (1:3.2.0-3)
impish_virt-manager: released (1:3.2.0-3)
jammy_virt-manager: released (1:3.2.0-3)
devel_virt-manager: released (1:3.2.0-3)