Security Advisory

CVE-2014-7851

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-10-16 15:00:00

Last updated 2024-08-06 13:03:27

Assigner redhat

State PUBLISHED

Description

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another users session data to gain that users privileges by replacing their session token with that of another user.

← Browse all CVEs View on cve.org ↗