cvelistv5 - CVE-2024-0822

CVE-2024-0822 (GCVE-0-2024-0822)

Vulnerability from cvelistv5 – Published: 2024-01-25 15:18 – Updated: 2025-11-20 07:09

Summary

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-1390 - Weak Authentication

Assigner

redhat

References

URL

WID-SEC-W-2024-0449

Vulnerability from csaf_certbund - Published: 2024-02-21 23:00 - Updated: 2024-02-21 23:00

Summary

Red Hat Virtualization: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Virtualization ist eine Virtualisierungslösung von Red Hat, die die simultane Ausführung von verschiedenen Betriebssystemen auf einem Host-System ermöglicht.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Virtualization ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Virtualization ist eine Virtualisierungsl\u00f6sung von Red Hat, die die simultane Ausf\u00fchrung von verschiedenen Betriebssystemen auf einem Host-System erm\u00f6glicht.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Virtualization ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0449 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0449.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0449 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0449"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2024-02-21",
        "url": "https://access.redhat.com/errata/RHSA-2024:0934"
      },
      {
        "category": "external",
        "summary": "PoC vom 2024-02-21",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244641"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Virtualization: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2024-02-21T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:05:34.721+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0449",
      "initial_release_date": "2024-02-21T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-21T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c ovirt-engine__4.5.3.10",
                "product": {
                  "name": "Red Hat Virtualization \u003c ovirt-engine__4.5.3.10",
                  "product_id": "T033029"
                }
              }
            ],
            "category": "product_name",
            "name": "Virtualization"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0822",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Red Hat Virtualization. Dieser Fehler besteht im Befehl CreateUserSession der ovirt-engine, der es erm\u00f6glicht, Benutzer im System ohne Authentifizierung anzulegen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "release_date": "2024-02-21T23:00:00.000+00:00",
      "title": "CVE-2024-0822"
    }
  ]
}

RHSA-2024_0934

Vulnerability from csaf_redhat - Published: 2024-02-21 09:11 - Updated: 2024-11-24 12:16

Summary

Red Hat Security Advisory: Red Hat Virtualization security and bug fix update

Notes

Topic

An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Security fixes: * ovirt: authentication bypass (CVE-2024-0822) Bug fixes: * During the storage domain import, the engine will fail to find OVF_STORE if there is also a ConnectStoragePoolVDSCommand request (BZ#2244641)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8,  and Red Hat Virtualization Engine 4.4.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security fixes: \n * ovirt: authentication bypass (CVE-2024-0822)\n\nBug fixes:\n * During the storage domain import, the engine will fail to find OVF_STORE if there is also a ConnectStoragePoolVDSCommand request (BZ#2244641)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:0934",
        "url": "https://access.redhat.com/errata/RHSA-2024:0934"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2244641",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244641"
      },
      {
        "category": "external",
        "summary": "2258509",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0934.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Virtualization security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-24T12:16:28+00:00",
      "generator": {
        "date": "2024-11-24T12:16:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2024:0934",
      "initial_release_date": "2024-02-21T09:11:40+00:00",
      "revision_history": [
        {
          "date": "2024-02-21T09:11:40+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-21T09:11:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-24T12:16:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                "product": {
                  "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                  "product_id": "8Base-RHV-S-4.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                "product": {
                  "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                  "product_id": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.5.3.10-1.el8ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src"
        },
        "product_reference": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "rhvm-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0822",
      "cwe": {
        "id": "CWE-1390",
        "name": "Weak Authentication"
      },
      "discovery_date": "2024-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2258509"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ovirt: authentication bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
          "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "RHBZ#2258509",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-0822",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-0822",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "https://github.com/oVirt/ovirt-engine/pull/914",
          "url": "https://github.com/oVirt/ovirt-engine/pull/914"
        }
      ],
      "release_date": "2024-01-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-21T09:11:40+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "ovirt: authentication bypass"
    }
  ]
}

RHSA-2024:0934

Vulnerability from csaf_redhat - Published: 2024-02-21 09:11 - Updated: 2025-11-21 18:54

Summary

Red Hat Security Advisory: Red Hat Virtualization security and bug fix update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8,  and Red Hat Virtualization Engine 4.4.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security fixes: \n * ovirt: authentication bypass (CVE-2024-0822)\n\nBug fixes:\n * During the storage domain import, the engine will fail to find OVF_STORE if there is also a ConnectStoragePoolVDSCommand request (BZ#2244641)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:0934",
        "url": "https://access.redhat.com/errata/RHSA-2024:0934"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2244641",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244641"
      },
      {
        "category": "external",
        "summary": "2258509",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0934.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Virtualization security and bug fix update",
    "tracking": {
      "current_release_date": "2025-11-21T18:54:23+00:00",
      "generator": {
        "date": "2025-11-21T18:54:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2024:0934",
      "initial_release_date": "2024-02-21T09:11:40+00:00",
      "revision_history": [
        {
          "date": "2024-02-21T09:11:40+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-21T09:11:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:54:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                "product": {
                  "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                  "product_id": "8Base-RHV-S-4.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                "product": {
                  "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                  "product_id": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.5.3.10-1.el8ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src"
        },
        "product_reference": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "rhvm-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0822",
      "cwe": {
        "id": "CWE-1390",
        "name": "Weak Authentication"
      },
      "discovery_date": "2024-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2258509"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ovirt: authentication bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
          "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "RHBZ#2258509",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-0822",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-0822",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "https://github.com/oVirt/ovirt-engine/pull/914",
          "url": "https://github.com/oVirt/ovirt-engine/pull/914"
        }
      ],
      "release_date": "2024-01-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-21T09:11:40+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "ovirt: authentication bypass"
    }
  ]
}

GHSA-4VWJ-X32H-M4VJ

Vulnerability from github – Published: 2024-01-25 18:30 – Updated: 2024-02-08 15:30

Details

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

Severity ?

9.1 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-0822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1390",
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-25T16:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.",
  "id": "GHSA-4vwj-x32h-m4vj",
  "modified": "2024-02-08T15:30:26Z",
  "published": "2024-01-25T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0822"
    },
    {
      "type": "WEB",
      "url": "https://github.com/oVirt/ovirt-engine/pull/914"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2024-0822

Vulnerability from fkie_nvd - Published: 2024-01-25 16:15 - Updated: 2024-11-21 08:47

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0934
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-0822	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2258509	Exploit, Issue Tracking, Third Party Advisory
secalert@redhat.com	https://github.com/oVirt/ovirt-engine/pull/914
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:0934
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2024-0822	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2258509	Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/oVirt/ovirt-engine/pull/914

Impacted products

	Vendor	Product	Version
	ovirt	ovirt-engine	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ovirt:ovirt-engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF146A38-CD7E-4A6D-9343-EB0ACA61D5EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en overt-engine. Este fallo permite la creaci\u00f3n de usuarios en el sistema sin autenticaci\u00f3n debido a un fallo en el comando CreateUserSession."
    }
  ],
  "id": "CVE-2024-0822",
  "lastModified": "2024-11-21T08:47:26.913",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-25T16:15:08.743",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0934"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/oVirt/ovirt-engine/pull/914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/oVirt/ovirt-engine/pull/914"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1390"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2024-0822

Vulnerability from gsd - Updated: 2024-01-24 06:02

Details

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

Aliases

CVE-2024-0822

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-0822"
      ],
      "details": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.",
      "id": "GSD-2024-0822",
      "modified": "2024-01-24T06:02:23.225505Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2024-0822",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Red Hat Virtualization Engine 4.4",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "0:4.5.3.10-1.el8ev",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-1390",
                "lang": "eng",
                "value": "Weak Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:0934",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:0934"
          },
          {
            "name": "https://access.redhat.com/security/cve/CVE-2024-0822",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
          },
          {
            "name": "https://github.com/oVirt/ovirt-engine/pull/914",
            "refsource": "MISC",
            "url": "https://github.com/oVirt/ovirt-engine/pull/914"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:ovirt:ovirt-engine:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DF146A38-CD7E-4A6D-9343-EB0ACA61D5EC",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command."
          },
          {
            "lang": "es",
            "value": "Se encontr\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en overt-engine. Este fallo permite la creaci\u00f3n de usuarios en el sistema sin autenticaci\u00f3n debido a un fallo en el comando CreateUserSession."
          }
        ],
        "id": "CVE-2024-0822",
        "lastModified": "2024-02-21T21:15:08.900",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-25T16:15:08.743",
        "references": [
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:0934"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Exploit",
              "Issue Tracking",
              "Third Party Advisory"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://github.com/oVirt/ovirt-engine/pull/914"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-287"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-1390"
              }
            ],
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-0822 (GCVE-0-2024-0822)

WID-SEC-W-2024-0449

RHSA-2024_0934

RHSA-2024:0934

GHSA-4VWJ-X32H-M4VJ

FKIE_CVE-2024-0822

GSD-2024-0822

Tags

Sightings

Nomenclature