6.4 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
65.8%
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
gerrit.ovirt.org/
www.ovirt.org/Security_advisories