Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Red Hat oVirt 权限许可和访问控制问题漏洞
Vulnerability Description
Red Hat oVirt是美国红帽(Red Hat)公司的一套开源的虚拟化管理平台,是RHEV(企业虚拟化平台)的开源版本,由ovirt-node客户端和overt-engine管理端组成。 Red Hat oVirt 3.2.2版本至3.5.0版本存在权限许可和访问控制问题,该漏洞源于在从webadmin注销后不会使restapi会话无效,这允许知道另一个用户会话数据的远程经过身份验证的用户通过用另一个用户的会话令牌替换他们的会话令牌来获得该用户的特权。
CVSS Information
N/A
Vulnerability Type
N/A