2 matches found
PT-2017-6113 · Red Hat · Ovirt
Name of the Vulnerable Software and Affected Versions: oVirt versions 3.2.2 through 3.5.0 Description: The issue allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user, due to the...
PT-2015-3596 · Ovirt · Ovirt Engine
Name of the Vulnerable Software and Affected Versions: oVirt Engine versions prior to 3.5.0 beta2 Description: A cross-site request forgery CSRF issue allows remote attackers to hijack user authentication for requests that perform unspecified actions via a REST API request. Recommendations: For...