Описание
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
It was found that oVirt did not correctly terminate sessions when a user logged out from the web interface. Upon logout, only the engine session was invalidated but the restapi session persisted. An attacker able to obtain the session data, and able to log in with their own credentials, could replace their session token with the stolen token and elevate their privileges to those of the victim user. Note that in order for this flaw to be exploited, the attacker must also have a valid login and authenticate successfully.
Дополнительная информация
Статус:
4.6 Medium
CVSS2
Связанные уязвимости
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
4.6 Medium
CVSS2