PT-2015-3596 · Ovirt · Ovirt Engine
Lzhuang
·
Published
2015-02-13
·
Updated
2023-02-13
·
CVE-2014-0151
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
oVirt Engine versions prior to 3.5.0 beta2
Description
A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests that perform unspecified actions via a REST API request.
Recommendations
For versions prior to 3.5.0 beta2, update to version 3.5.0 beta2 or later to resolve the issue.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ovirt Engine