漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (eg Basic Operations) could exploit this flaw to delete disks attached to guests.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
ovirt REST API 授权问题漏洞
Vulnerability Description
ovirt REST API是一款为ovirt引擎提供应用程序编程接口的软件包。 ovirt REST API 4.3.2.1之前版本中存在安全漏洞,该漏洞源于Web用户界面缺少权限检查。攻击者可利用该漏洞删除磁盘。
CVSS Information
N/A
Vulnerability Type
N/A