Lucene search
K

ovirt-engine: Missing permissions check in web ui allows a user with basic privileges to delete disks

🗓️ 23 Apr 2019 08:46:06Reported by RedHatType 
redhat
 redhat
🔗 access.redhat.com👁 3 Views

In ovirt engine, RemoveDiskCommand bypasses permission checks, letting basic users delete guest disks.

Related
Packages
Refs
ReporterTitlePublishedViews
Family
CVE
CVE-2019-3879
25 Mar 201918:30
cve
Cvelist
CVE-2019-3879
25 Mar 201918:30
cvelist
EUVD
EUVD-2019-13490
7 Oct 202500:30
euvd
NVD
CVE-2019-3879
25 Mar 201919:29
nvd
OSV
CVE-2019-3879
25 Mar 201919:29
osv
OSV
RHBA-2019:0802 Red Hat Bug Fix Advisory: Red Hat Virtualization Manager (ovirt-engine) 4.2.8
16 Sep 202402:23
osv
Prion
Design/Logic Flaw
25 Mar 201919:29
prion
RedhatCVE
CVE-2019-3879
25 Mar 201906:19
redhatcve
RedHat Linux
Important: Red Hat Bug Fix Advisory: Red Hat Virtualization Manager (ovirt-engine) 4.2.8
23 Apr 201908:46
redhat
OSOS VersionArchitecturePackagePackage VersionFilename
Red Hat Enterprise Linux7anyovirt-engine0:4.2.8.7-0.1.el7evovirt-engine-0:4.2.8.7-0.1.el7ev.noarch.rpm
Red Hat Enterprise Linux7anyovirt-engine-backend0:4.2.8.7-0.1.el7evovirt-engine-backend-0:4.2.8.7-0.1.el7ev.noarch.rpm
Red Hat Enterprise Linux7anyovirt-engine-dbscripts0:4.2.8.7-0.1.el7evovirt-engine-dbscripts-0:4.2.8.7-0.1.el7ev.noarch.rpm
Red Hat Enterprise Linux7anyovirt-engine-extensions-api-impl0:4.2.8.7-0.1.el7evovirt-engine-extensions-api-impl-0:4.2.8.7-0.1.el7ev.noarch.rpm
Red Hat Enterprise Linux7anyovirt-engine-extensions-api-impl-javadoc0:4.2.8.7-0.1.el7evovirt-engine-extensions-api-impl-javadoc-0:4.2.8.7-0.1.el7ev.noarch.rpm
Red Hat Enterprise Linux7anyovirt-engine-health-check-bundler0:4.2.8.7-0.1.el7evovirt-engine-health-check-bundler-0:4.2.8.7-0.1.el7ev.noarch.rpm
Red Hat Enterprise Linux7anyovirt-engine-lib0:4.2.8.7-0.1.el7evovirt-engine-lib-0:4.2.8.7-0.1.el7ev.noarch.rpm
Red Hat Enterprise Linux7anyovirt-engine-restapi0:4.2.8.7-0.1.el7evovirt-engine-restapi-0:4.2.8.7-0.1.el7ev.noarch.rpm
Red Hat Enterprise Linux7anyovirt-engine-setup0:4.2.8.7-0.1.el7evovirt-engine-setup-0:4.2.8.7-0.1.el7ev.noarch.rpm
Red Hat Enterprise Linux7anyovirt-engine-setup-base0:4.2.8.7-0.1.el7evovirt-engine-setup-base-0:4.2.8.7-0.1.el7ev.noarch.rpm
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Nov 2025 17:21Current
6.7Medium risk
Vulners AI Score6.7
CVSS 25.5
CVSS 3.18.1
CVSS 36.5
EPSS0.01864
3