Ovirt-engine@* Security Vulnerabilities and Issues — Ovirt-engine@* CVE List

Lucene search

RedhatOvirt-engine*

3 matches found

CVE•added 2020/03/19 2:15 p.m.•138 views

CVE-2019-19336

A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the u...

6.1CVSS5.7AI score0.00305EPSS

CVE•added 2020/08/24 5:15 p.m.•76 views

CVE-2020-10775

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible...

5.3CVSS5.3AI score0.00223EPSS

CVE•added 2020/12/21 5:15 p.m.•59 views

CVE-2020-35497

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

6.5CVSS6.2AI score0.00317EPSS