Описание
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-522
https://bugzilla.redhat.com/show_bug.cgi?id=1081875ovirt-engine-api: session ID stored in HTML5 local storage
4.3 Medium
CVSS2
Связанные уязвимости
nvd
больше 11 лет назад
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
github
больше 3 лет назад
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
4.3 Medium
CVSS2