oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2017-10-16T15:00:00

Updated: 2024-08-06T13:03:27.480Z

Reserved: 2014-10-03T00:00:00

Link: CVE-2014-7851

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-10-16T15:29:00.230

Modified: 2024-11-21T02:18:08.517

Link: CVE-2014-7851

cve-icon Redhat

Severity : Moderate

Publid Date: 2015-02-17T00:00:00Z

Links: CVE-2014-7851 - Bugzilla