OpenCVE

The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ovirt	Ovirt
Redhat	Rhev Manager

Configuration 1 [-]

cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
RHEV Manager version 3.4
org.ovirt.engine-root-0:3.4.0-21	cpe:/a:redhat:rhev_manager:3	RHSA-2014:0506	2014-06-09T00:00:00Z

References

Link	Providers
http://gerrit.ovirt.org/#/c/25987/
http://www.ovirt.org/Security_advisories
https://nvd.nist.gov/vuln/detail/CVE-2014-0153
https://www.cve.org/CVERecord?id=CVE-2014-0153

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-09-08T14:00:00

Updated: 2024-08-06T09:05:38.955Z

Reserved: 2013-12-03T00:00:00

Link: CVE-2014-0153

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-09-08T14:55:02.467

Modified: 2024-11-21T02:01:29.480

Link: CVE-2014-0153

Redhat

Severity : Moderate

Publid Date: 2014-03-17T00:00:00Z

Links: CVE-2014-0153 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object