关键漏洞信息 CVE ID: CVE-2020-10775 漏洞类型: Redirect to arbitrary URL allows for phishing 影响产品: ovirt-engine 影响版本: 4.4.2及以下版本 报告时间: 2020-06-16 修复时间: 2020-08-04 修复版本: ovirt-engine 4.4.2 漏洞描述: Open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. 修复详情: RHSA-2020:3247 - https://access.redhat.com/errata/RHSA-2020:3247 代码修复 commit: https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=6953a1072f5a563664fd8992f31637dae66435fc 上游变更日志: https://www.ovirt.org/release/4.4.2/