Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-7851

Опубликовано: 16 окт. 2017
Источник: nvd
CVSS3: 7.5
CVSS2: 6
EPSS Низкий

Описание

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ovirt:ovirt:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:ovirt:ovirt:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3:beta1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3:rc1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3:rc2:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3.1:beta1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3.1:rc1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3.2:beta1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3.3:beta1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3.3:rc1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3.4:beta1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3.4:rc1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.3.5:rc1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.1:rc1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.2:rc1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.3:rc1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.4.4:rc1:*:*:*:*:*:*
cpe:2.3:a:redhat:ovirt-engine:3.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 59%
0.00388
Низкий

7.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

redhat логотип

CVE-2014-7851

redhat
почти 11 лет назад

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.

github логотип

GHSA-353g-73mj-6wf9

CVSS3: 7.5
github
больше 3 лет назад

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.

EPSS

Процентиль: 59%
0.00388
Низкий

7.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-264