Lucene search
RedhatCVELIST:CVE-2024-0822HistoryJan 25, 2024 - 3:18 p.m.
CVE-2024-0822 Ovirt: authentication bypass
2024-01-2515:18:20
CWE-1390
redhat
www.cve.org
ovirt
authentication
bypass
createusersession
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
33.5%
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.
CNA Affected
[
{
"versions": [
{
"status": "affected",
"version": "4.5.0",
"lessThan": "4.5.6",
"versionType": "semver"
}
],
"packageName": "ovirt-engine",
"collectionURL": "https://ovirt.org/",
"defaultStatus": "unaffected"
},
{
"vendor": "Red Hat",
"product": "Red Hat Virtualization Engine 4.4",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "ovirt-engine",
"defaultStatus": "affected",
"versions": [
{
"version": "0:4.5.3.10-1.el8ev",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:rhev_manager:4.4:el8"
]
}
]Related
prion
prion
Authentication flaw
2024-01-25 16:15:00
nessus
nessus
RHEL 8 : Red Hat Virtualization (RHSA-2024:0934)
2024-02-21 00:00:00
nvd
nvd
CVE-2024-0822
2024-01-25 16:15:08
redhatcve
redhatcve
CVE-2024-0822
2024-01-24 15:33:57
redhat
redhat
cve
cve
CVE-2024-0822
2024-01-25 16:15:08
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
33.5%
Related for CVELIST:CVE-2024-0822