CVE-2014-7851 - CERT CVE
ID CVE-2014-7851
Sažetak oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
Reference
CVSS
Base: 6.0
Impact: 6.4
Exploitability:6.8
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:N/AC:M/Au:S/C:P/I:P/A:P
Zadnje važnije ažuriranje 13-02-2023 - 00:42
Objavljeno 16-10-2017 - 15:29