CVE-2014-0152

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

Published: Sep 8, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-0152
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ovirt / ovirt	-	3.4.0.x
redhat / ovirt-engine	3.0.0	3.0.0.x
redhat / ovirt-engine	3.1.0	3.1.0.x
redhat / ovirt-engine	3.2.0	3.2.0.x
redhat / ovirt-engine	3.3.0	3.3.0.x
redhat / ovirt-engine	3.3.2-rc1	3.3.2-rc1.x
redhat / ovirt-engine	3.3.3	3.3.3.x
redhat / ovirt-engine	3.3.4	3.3.4.x
redhat / ovirt-engine	3.3.5	3.3.5.x
redhat / ovirt-engine	3.4.0-rc1	3.4.0-rc1.x

http://gerrit.ovirt.org/#/c/25959/
http://www.ovirt.org/Security_advisories

Vulnerability Database

289,599

CVE-2014-0152