CVE-2014-7851
N/A
N/A
Summary
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1161730
- https://bugzilla.redhat.com/show_bug.cgi?id=1165311
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1161730
- https://bugzilla.redhat.com/show_bug.cgi?id=1165311
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.