PT-2017-6113 · Red Hat · Ovirt

Vincent Danen · Published 2017-10-16 · Updated 2023-02-13 · CVE-2014-7851

CVSS v2.0: 6.0 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: oVirt versions 3.2.2 through 3.5.0
Description: The issue allows remote authenticated users who know another user's session data to gain that user's privileges by replacing their own session token with the other user's token. The root cause is that the restapi session is not invalidated when the user logs out of the webadmin, so a token obtained from that session remains usable after logout.
Recommendations: For oVirt versions 3.2.2 through 3.5.0, consider implementing a workaround to manually invalidate the restapi session after logout from the webadmin until a patch is available. As a temporary workaround, restrict access to sensitive operations that rely on session tokens to minimize the risk of exploitation.
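The following is an added illustration, not oVirt code: a hypothetical session store that issues a webadmin session and a linked restapi session at login. With link_sessions=False it models the flaw described above (webadmin logout leaves the restapi token valid); with link_sessions=True it models the expected fix, where logout invalidates every session created by the same login. All class and function names are constructed for this example.

```python
import secrets


class SessionStore:
    """Hypothetical model of a login that issues two tokens: one for the
    webadmin UI and a linked one for the REST API (constructed example)."""

    def __init__(self, link_sessions: bool):
        # link_sessions=False models the flawed behaviour: logging out of the
        # webadmin removes only the webadmin session and leaves the restapi
        # session valid. link_sessions=True models the corrected behaviour.
        self.link_sessions = link_sessions
        self._sessions = {}  # token -> {"user", "kind", "peer"}

    def login(self, user: str):
        web = secrets.token_hex(16)
        rest = secrets.token_hex(16)
        self._sessions[web] = {"user": user, "kind": "webadmin", "peer": rest}
        self._sessions[rest] = {"user": user, "kind": "restapi", "peer": web}
        return web, rest

    def logout_webadmin(self, web_token: str) -> bool:
        entry = self._sessions.pop(web_token, None)
        if entry is None:
            return False
        if self.link_sessions:
            # Fix: tear down the linked restapi session in the same logout,
            # so no token from this login survives.
            self._sessions.pop(entry["peer"], None)
        return True

    def user_for(self, token: str):
        """Resolve a presented token to its user, or None if it is not valid."""
        entry = self._sessions.get(token)
        return entry["user"] if entry else None


def restapi_user_after_webadmin_logout(link_sessions: bool):
    """Log in, log out of the webadmin, then present the restapi token."""
    store = SessionStore(link_sessions)
    web, rest = store.login("alice")
    store.logout_webadmin(web)
    return store.user_for(rest)


if __name__ == "__main__":
    print("flawed  :", restapi_user_after_webadmin_logout(False))  # alice
    print("fixed   :", restapi_user_after_webadmin_logout(True))   # None
```

A simple regression check for the fix is exactly this sequence: after webadmin logout, a request carrying the old restapi token must be rejected.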

Related Identifiers: CVE-2014-7851

Affected Products: Ovirt