CVE-2020-35497

Опубликовано: 18 дек. 2020

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

A flaw was found in ovirt-engine 4.4.3 and earlier. This flaw allows an authenticated user to read other users' personal information, including the name, email, and public SSH key. The highest threat from this vulnerability is to confidentiality.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-284->CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1908755ovirt-engine: non-admin user is able to access other users public SSH key

EPSS

Процентиль: 54%

0.00317

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2020-35497

CVSS3: 6.5

nvd

около 5 лет назад

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

GHSA-wvmj-h4cr-4hm5

github

больше 3 лет назад

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

BDU:2022-03986

CVSS3: 6.5

fstec

около 5 лет назад

Уязвимость средства управления виртуальной инфраструктурой Ovirt, связанная с раскрытием информации, позволяющая нарушителю получить доступ к открытому ключу SSH других пользователей

EPSS

Процентиль: 54%

0.00317

Низкий

6.5 Medium

CVSS3