PT-2020-3563 · Ovirt · Ovirt Engine

Chen Huiliang

Published

2020-06-16

Updated

2020-09-04

CVE-2020-10775

CVSS v2.0

5.4

Medium

Vector

AV:N/AC:H/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions oVirt-engine versions 4.4 and earlier

Description The issue allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality. It is related to the use of open redirect, which can be exploited by a remote attacker to redirect a user to a specially crafted link.

Recommendations For versions 4.4 and earlier, update to a version later than 4.4 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

Fix

Open Redirect

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601CWE-451

Related Identifiers

BDU:2020-03896

CVE-2020-10775

RHSA-2020:3247

Affected Products

Ovirt Engine

PT-2020-3563 · Ovirt · Ovirt Engine

CVE-2020-10775

Weakness Enumeration

Related Identifiers

Affected Products

References · 5