CVE-2014-0153

Опубликовано: 08 сент. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.

Ссылки

http://gerrit.ovirt.org/#/c/25987/
Patch
http://www.ovirt.org/Security_advisories
Patch
Vendor Advisory
http://gerrit.ovirt.org/#/c/25987/
Patch
http://www.ovirt.org/Security_advisories
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*

Версия до 3.4.0 (включая)

EPSS

Процентиль: 44%

0.00217

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2014-0153

redhat

почти 12 лет назад

The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.

GHSA-mpx4-8rp2-j882

github

больше 3 лет назад

The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.

EPSS

Процентиль: 44%

0.00217

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200