{"containers": {"cna": {"affected": [{"product": "ovirt-engine", "vendor": "n/a", "versions": [{"status": "affected", "version": "ovirt-engine 4.4.3 and earlier"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284->CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-21T16:22:22", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-35497", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ovirt-engine", "version": {"version_data": [{"version_value": "ovirt-engine 4.4.3 and earlier"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284->CWE-200"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:02:08.047Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-35497", "datePublished": "2020-12-21T16:22:22", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-04T17:02:08.047Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ovirt:ovirt-engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "40F89AB6-F2F1-4124-84D2-C10D2C445C11", "versionEndIncluding": "4.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en ovirt-engine versiones 4.4.3 y anteriores permitiendo a un usuario autenticado leer la informaci\u00f3n personal de otros usuarios, incluyendo el nombre, el correo electr\u00f3nico y la clave SSH p\u00fablica"}], "id": "CVE-2020-35497", "lastModified": "2024-11-21T05:27:25.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-21T17:15:12.757", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Martin Perina for reporting this issue.", "affected_release": [{"advisory": "RHSA-2021:0383", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "package": "org.ovirt.engine-root-0:4.4.4.7-2", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2021-02-02T00:00:00Z"}], "bugzilla": {"description": "ovirt-engine: non-admin user is able to access other users public SSH key", "id": "1908755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-284->CWE-200", "details": ["A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.", "A flaw was found in ovirt-engine 4.4.3 and earlier. This flaw allows an authenticated user to read other users' personal information, including the name, email, and public SSH key. The highest threat from this vulnerability is to confidentiality."], "name": "CVE-2020-35497", "public_date": "2020-12-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-35497\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35497"], "threat_severity": "Moderate", "upstream_fix": "ovirt-engine 4.4.4.7"}