PT-2014-3505 · Ovirt · Ovirt
Published: 2014-09-08 · Updated: 2023-02-13 · CVE-2014-0153
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
oVirt versions 3.4.0 and earlier
Description
The issue concerns the REST API in oVirt, where session IDs are stored in HTML5 local storage. This allows remote attackers to obtain sensitive information via a crafted web page.
Recommendations
For versions 3.4.0 and earlier, consider disabling the use of HTML5 local storage for session IDs until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.
Fix
Information Disclosure
Affected Products
Ovirt