Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-10775

Опубликовано: 04 авг. 2020
Источник: redhat
CVSS3: 5.3

Описание

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.

An Open redirect vulnerability was found in ovirt-engine versions 4.4.1 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.

Отчет

In Red Hat Gluster Storage 3, ovirt-engine(included in rhsc) was shipped as a part of Red Hat Gluster Storage Console that is no longer supported for use with Red Hat Gluster Storage 3.5. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters. However, the vulnerable code is not included in the shipped version of ovirt-engine hence not affected by this flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Storage 3rhscOut of support scope
Red Hat Virtualization Engine 4.4org.ovirt.engine-rootFixedRHSA-2020:324704.08.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-451->CWE-601
https://bugzilla.redhat.com/show_bug.cgi?id=1847420ovirt-engine: Redirect to arbitrary URL allows for phishing

5.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-10775

CVSS3: 5.3
nvd
больше 5 лет назад

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.

github логотип

GHSA-7wqr-p83r-v6rj

github
больше 3 лет назад

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.

fstec логотип

BDU:2020-03896

CVSS3: 5.3
fstec
больше 5 лет назад

Уязвимость средства управления виртуальной инфраструктурой Ovirt, связанная с использованием открытой переадресации, позволяющая нарушителю перенаправить пользователя на произвольные веб-сайт

5.3 Medium

CVSS3