CVE-2014-7851

Affected configuration(s):

cpe:/a:ovirt:ovirt:3.2.2
cpe:/a:ovirt:ovirt:3.3:beta1
cpe:/a:ovirt:ovirt:3.3:rc1
cpe:/a:ovirt:ovirt:3.3:rc2
cpe:/a:ovirt:ovirt:3.3.0
cpe:/a:ovirt:ovirt:3.3.0.1
cpe:/a:ovirt:ovirt:3.3.1
cpe:/a:ovirt:ovirt:3.3.1:beta1
cpe:/a:ovirt:ovirt:3.3.1:rc1
cpe:/a:ovirt:ovirt:3.3.2
cpe:/a:ovirt:ovirt:3.3.2:beta1
cpe:/a:ovirt:ovirt:3.3.2:rc1
cpe:/a:ovirt:ovirt:3.3.3
cpe:/a:ovirt:ovirt:3.3.3:beta1
cpe:/a:ovirt:ovirt:3.3.3:rc1
cpe:/a:ovirt:ovirt:3.3.4
cpe:/a:ovirt:ovirt:3.3.4:beta1
cpe:/a:ovirt:ovirt:3.3.4:rc1
cpe:/a:ovirt:ovirt:3.3.5
cpe:/a:ovirt:ovirt:3.3.5:rc1
cpe:/a:ovirt:ovirt:3.4.0
cpe:/a:ovirt:ovirt:3.4.0:beta1
cpe:/a:ovirt:ovirt:3.4.0:beta2
cpe:/a:ovirt:ovirt:3.4.0:beta3
cpe:/a:ovirt:ovirt:3.4.0:rc1
cpe:/a:ovirt:ovirt:3.4.0:rc2
cpe:/a:ovirt:ovirt:3.4.0:rc3
cpe:/a:ovirt:ovirt:3.4.1
cpe:/a:ovirt:ovirt:3.4.1:rc1
cpe:/a:ovirt:ovirt:3.4.2
cpe:/a:ovirt:ovirt:3.4.2:rc1
cpe:/a:ovirt:ovirt:3.4.3
cpe:/a:ovirt:ovirt:3.4.3:rc1
cpe:/a:ovirt:ovirt:3.4.4
cpe:/a:ovirt:ovirt:3.4.4:rc1
cpe:/a:ovirt:ovirt:3.5.0

Date published: 2017-10-16T11:29:00.230-04:00

Date last modified: 2017-11-07T14:03:22.740-05:00

CVSS Score: 6.0

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: https://bugzilla.redhat.com/show_bug.cgi?id=1161730

Summary: oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user’s session data to gain that user’s privileges by replacing their session token with that of another user.
