cnvd - cnvd-2017-34619

CNVD-2017-34619

Vulnerability from cnvd - Published: 2017-11-20

Title

Red Hat oVirt权限获取漏洞

Description

Red Hat Ovirt是美国红帽（Red Hat）公司的一套开源的虚拟化管理平台，是RHEV（企业虚拟化平台）的开源版本，由ovirt-node客户端和overt-engine管理端组成。 Red Hat oVirt 3.2.2版本至3.5.0版本中存在安全漏洞，该漏洞源于用户在从webadmin注销后，程序未能使restapi会话失效。远程攻击者可通过使用其他用户的会话令牌替换该用户的令牌利用该漏洞获取用户权限。

Severity

中

Patch Name

Red Hat oVirt权限获取漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://ovirt.org/

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1161730

Impacted products

Name
oVirt oVirt >3.2.2，<3.5.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-7851"
    }
  },
  "description": "Red Hat Ovirt\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u865a\u62df\u5316\u7ba1\u7406\u5e73\u53f0\uff0c\u662fRHEV\uff08\u4f01\u4e1a\u865a\u62df\u5316\u5e73\u53f0\uff09\u7684\u5f00\u6e90\u7248\u672c\uff0c\u7531ovirt-node\u5ba2\u6237\u7aef\u548covert-engine\u7ba1\u7406\u7aef\u7ec4\u6210\u3002\r\n\r\nRed Hat oVirt 3.2.2\u7248\u672c\u81f33.5.0\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u5728\u4ecewebadmin\u6ce8\u9500\u540e\uff0c\u7a0b\u5e8f\u672a\u80fd\u4f7frestapi\u4f1a\u8bdd\u5931\u6548\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528\u5176\u4ed6\u7528\u6237\u7684\u4f1a\u8bdd\u4ee4\u724c\u66ff\u6362\u8be5\u7528\u6237\u7684\u4ee4\u724c\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7528\u6237\u6743\u9650\u3002",
  "discovererName": "Alon Bar-Lev",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://ovirt.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34619",
  "openTime": "2017-11-20",
  "patchDescription": "Red Hat Ovirt\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u865a\u62df\u5316\u7ba1\u7406\u5e73\u53f0\uff0c\u662fRHEV\uff08\u4f01\u4e1a\u865a\u62df\u5316\u5e73\u53f0\uff09\u7684\u5f00\u6e90\u7248\u672c\uff0c\u7531ovirt-node\u5ba2\u6237\u7aef\u548covert-engine\u7ba1\u7406\u7aef\u7ec4\u6210\u3002\r\n\r\nRed Hat oVirt 3.2.2\u7248\u672c\u81f33.5.0\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u5728\u4ecewebadmin\u6ce8\u9500\u540e\uff0c\u7a0b\u5e8f\u672a\u80fd\u4f7frestapi\u4f1a\u8bdd\u5931\u6548\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528\u5176\u4ed6\u7528\u6237\u7684\u4f1a\u8bdd\u4ee4\u724c\u66ff\u6362\u8be5\u7528\u6237\u7684\u4ee4\u724c\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7528\u6237\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Red Hat oVirt\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "oVirt oVirt \u003e3.2.2\uff0c\u003c3.5.0"
  },
  "referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730",
  "serverity": "\u4e2d",
  "submitTime": "2017-10-20",
  "title": "Red Hat oVirt\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e"
}

CVE-2014-7851 (GCVE-0-2014-7851)

Vulnerability from cvelistv5 – Published: 2017-10-16 15:00 – Updated: 2024-08-06 13:03

Summary

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=1161730	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1165311	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user\u0027s session data to gain that user\u0027s privileges by replacing their session token with that of another user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161730"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165311"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-7851",
    "datePublished": "2017-10-16T15:00:00",
    "dateReserved": "2014-10-03T00:00:00",
    "dateUpdated": "2024-08-06T13:03:27.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-34619

CVE-2014-7851 (GCVE-0-2014-7851)

Tags

Sightings

Nomenclature