A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, "osinfo-install-script", accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing