oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2017-10-16T15:00:00
Updated: 2024-08-06T13:03:27.480Z
Reserved: 2014-10-03T00:00:00
Link: CVE-2014-7851
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-10-16T15:29:00.230
Modified: 2024-11-21T02:18:08.517
Link: CVE-2014-7851
Redhat