cnvd - cnvd-2017-34619

cnvd-2017-34619

Vulnerability from cnvd

Title: Red Hat oVirt权限获取漏洞

Description:

Red Hat Ovirt是美国红帽（Red Hat）公司的一套开源的虚拟化管理平台，是RHEV（企业虚拟化平台）的开源版本，由ovirt-node客户端和overt-engine管理端组成。

Red Hat oVirt 3.2.2版本至3.5.0版本中存在安全漏洞，该漏洞源于用户在从webadmin注销后，程序未能使restapi会话失效。远程攻击者可通过使用其他用户的会话令牌替换该用户的令牌利用该漏洞获取用户权限。

Severity: 中

Patch Name: Red Hat oVirt权限获取漏洞的补丁

Patch Description:

Red Hat Ovirt是美国红帽（Red Hat）公司的一套开源的虚拟化管理平台，是RHEV（企业虚拟化平台）的开源版本，由ovirt-node客户端和overt-engine管理端组成。

Red Hat oVirt 3.2.2版本至3.5.0版本中存在安全漏洞，该漏洞源于用户在从webadmin注销后，程序未能使restapi会话失效。远程攻击者可通过使用其他用户的会话令牌替换该用户的令牌利用该漏洞获取用户权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://ovirt.org/

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1161730

Impacted products

Name
oVirt oVirt >3.2.2，<3.5.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-7851"
    }
  },
  "description": "Red Hat Ovirt\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u865a\u62df\u5316\u7ba1\u7406\u5e73\u53f0\uff0c\u662fRHEV\uff08\u4f01\u4e1a\u865a\u62df\u5316\u5e73\u53f0\uff09\u7684\u5f00\u6e90\u7248\u672c\uff0c\u7531ovirt-node\u5ba2\u6237\u7aef\u548covert-engine\u7ba1\u7406\u7aef\u7ec4\u6210\u3002\r\n\r\nRed Hat oVirt 3.2.2\u7248\u672c\u81f33.5.0\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u5728\u4ecewebadmin\u6ce8\u9500\u540e\uff0c\u7a0b\u5e8f\u672a\u80fd\u4f7frestapi\u4f1a\u8bdd\u5931\u6548\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528\u5176\u4ed6\u7528\u6237\u7684\u4f1a\u8bdd\u4ee4\u724c\u66ff\u6362\u8be5\u7528\u6237\u7684\u4ee4\u724c\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7528\u6237\u6743\u9650\u3002",
  "discovererName": "Alon Bar-Lev",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://ovirt.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34619",
  "openTime": "2017-11-20",
  "patchDescription": "Red Hat Ovirt\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u865a\u62df\u5316\u7ba1\u7406\u5e73\u53f0\uff0c\u662fRHEV\uff08\u4f01\u4e1a\u865a\u62df\u5316\u5e73\u53f0\uff09\u7684\u5f00\u6e90\u7248\u672c\uff0c\u7531ovirt-node\u5ba2\u6237\u7aef\u548covert-engine\u7ba1\u7406\u7aef\u7ec4\u6210\u3002\r\n\r\nRed Hat oVirt 3.2.2\u7248\u672c\u81f33.5.0\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u5728\u4ecewebadmin\u6ce8\u9500\u540e\uff0c\u7a0b\u5e8f\u672a\u80fd\u4f7frestapi\u4f1a\u8bdd\u5931\u6548\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528\u5176\u4ed6\u7528\u6237\u7684\u4f1a\u8bdd\u4ee4\u724c\u66ff\u6362\u8be5\u7528\u6237\u7684\u4ee4\u724c\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7528\u6237\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Red Hat oVirt\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "oVirt oVirt \u003e3.2.2\uff0c\u003c3.5.0"
  },
  "referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730",
  "serverity": "\u4e2d",
  "submitTime": "2017-10-20",
  "title": "Red Hat oVirt\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e"
}

CVE-2014-7851 (GCVE-0-2014-7851)

Vulnerability from cvelistv5

Published

2017-10-16 15:00

Modified

2024-08-06 13:03

Severity ?

CWE

Summary

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1161730	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1165311	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user\u0027s session data to gain that user\u0027s privileges by replacing their session token with that of another user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-7851",
    "datePublished": "2017-10-16T15:00:00",
    "dateReserved": "2014-10-03T00:00:00",
    "dateUpdated": "2024-08-06T13:03:27.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted