PT-2020-6676 · Ovirt · Ovirt Engine

Marian Rehak

Published

2020-12-21

Updated

2020-12-22

CVE-2020-35497

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions ovirt-engine versions 4.4.3 and earlier

Description A flaw in ovirt-engine allows an authenticated user to read other users' personal information, including name, email, and public SSH key. This issue is related to information disclosure.

Recommendations For ovirt-engine versions 4.4.3 and earlier, update to a version later than 4.4.3 to resolve the issue. As a temporary workaround, consider restricting access to personal information until a patch is available.

Fix

Improper Access Control

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-200

Related Identifiers

BDU:2022-03986

CVE-2020-35497

RHSA-2021:0383

Affected Products

Ovirt Engine

PT-2020-6676 · Ovirt · Ovirt Engine

CVE-2020-35497

Weakness Enumeration

Related Identifiers

Affected Products

References · 7