{
  "threat_severity" : "Low",
  "public_date" : "2018-03-06T00:00:00Z",
  "bugzilla" : {
    "description" : "ovirt-engine: When Wipe After Delete (WAD) and Enable Discard are both enabled for a VM disk, discarded data might not be wiped after the disk is removed.",
    "id" : "1549944",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1549944"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.2",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-212",
  "details" : [ "A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.", "It was discovered that the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM." ],
  "acknowledgement" : "This issue was discovered by Idan Shaby (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Virtualization Engine 4.1",
    "release_date" : "2018-01-24T00:00:00Z",
    "advisory" : "RHBA-2018:0135",
    "cpe" : "cpe:/a:redhat:rhev_manager:4",
    "package" : "org.ovirt.engine-root-0:4.1.9.1-1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Not affected",
    "package_name" : "org.ovirt.engine-root",
    "cpe" : "cpe:/a:redhat:storage:3"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Will not fix",
    "package_name" : "ovirt-engine",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-1062\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1062\nhttps://gerrit.ovirt.org/#/c/84861\nhttps://gerrit.ovirt.org/#/c/84875" ],
  "name" : "CVE-2018-1062",
  "csaw" : false
}