cvelistv5 - cve-2020-35497

CVE-2020-35497 (GCVE-0-2020-35497)

Vulnerability from cvelistv5 – Published: 2020-12-21 16:22 – Updated: 2024-08-04 17:02

Summary

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

Severity ?

No CVSS data available.

CWE

CWE-284 - >CWE-200

Assigner

redhat

References

URL

	Vendor	Product	Version
	n/a	ovirt-engine	Affected: ovirt-engine 4.4.3 and earlier

GHSA-WVMJ-H4CR-4HM5

Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37

Details

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-35497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-21T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key.",
  "id": "GHSA-wvmj-h4cr-4hm5",
  "modified": "2022-05-24T17:37:07Z",
  "published": "2022-05-24T17:37:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35497"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

RHSA-2021:0383

Vulnerability from csaf_redhat - Published: 2021-02-02 13:58 - Updated: 2025-11-21 18:20

Summary

Red Hat Security Advisory: RHV-M (ovirt-engine) 4.4.z security, bug fix, enhancement upd[ovirt-4.4.4] 0-day

Notes

Topic

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API). Security Fix(es): * ovirt-engine: non-admin user is able to access other users public SSH key (CVE-2020-35497) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Previously, you could not migrate the master role to a newer domain without migrating the virtual machines from the old domain and putting it into maintenance mode. Additionally, you could not put a hosted_storage domain into maintenance mode. With this release, you can use the REST API to move the master role to another storage domain without putting the domain into maintenance mode. For example, to set a storage domain with ID `456` as a master on a data center with ID `123`, send the following request: ---- POST /ovirt-engine/api/datacenters/123/setmaster With a request body like this: <action> <storage_domain id="456"/> </action> ---- Alternatively, this example uses the name of the storage domain: ---- <action> <storage_domain> <name>my-nfs</name> </storage_domain> </action> ---- (BZ#1576923) * Previously when a virtual machine moved from one cluster to another, resulting in the virtual machine's chipset changing, then the virtual machine did not run successfully. With this release, when a virtual machine moves from one cluster to another, it's devices and chipset are automatically updated, and the virtual machine runs successfully. (BZ#1894454)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nThe Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).\n\nSecurity Fix(es):\n\n* ovirt-engine: non-admin user is able to access other users public SSH key (CVE-2020-35497)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, you could not migrate the master role to a newer domain without migrating the virtual machines from the old domain and putting it into maintenance mode. Additionally, you could not put a hosted_storage domain into maintenance mode.\n\nWith this release, you can use the REST API to move the master role to another storage domain without putting the domain into maintenance mode.\n\nFor example, to set a storage domain with ID `456` as a master on a data center with ID `123`, send the following request:\n\n----\nPOST /ovirt-engine/api/datacenters/123/setmaster\n\nWith a request body like this:\n\n\u003caction\u003e\n  \u003cstorage_domain id=\"456\"/\u003e\n\u003c/action\u003e\n----\n\nAlternatively, this example uses the name of the storage domain:\n\n----\n\u003caction\u003e\n  \u003cstorage_domain\u003e\n    \u003cname\u003emy-nfs\u003c/name\u003e\n  \u003c/storage_domain\u003e\n\u003c/action\u003e\n---- \n(BZ#1576923)\n\n* Previously when a virtual machine moved from one cluster to another, resulting in the virtual machine\u0027s chipset changing, then the virtual machine did not run successfully.\n\nWith this release, when a virtual machine moves from one cluster to another, it\u0027s devices and chipset are automatically updated, and the virtual machine runs successfully. (BZ#1894454)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0383",
        "url": "https://access.redhat.com/errata/RHSA-2021:0383"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1576923",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576923"
      },
      {
        "category": "external",
        "summary": "1894454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894454"
      },
      {
        "category": "external",
        "summary": "1908643",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908643"
      },
      {
        "category": "external",
        "summary": "1908755",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0383.json"
      }
    ],
    "title": "Red Hat Security Advisory: RHV-M (ovirt-engine) 4.4.z security, bug fix, enhancement upd[ovirt-4.4.4] 0-day",
    "tracking": {
      "current_release_date": "2025-11-21T18:20:09+00:00",
      "generator": {
        "date": "2025-11-21T18:20:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2021:0383",
      "initial_release_date": "2021-02-02T13:58:20+00:00",
      "revision_history": [
        {
          "date": "2021-02-02T13:58:20+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-02-02T13:58:20+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:20:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                "product": {
                  "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                  "product_id": "8Base-RHV-S-4.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                "product": {
                  "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                  "product_id": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.4.4.7-0.2.el8ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src"
        },
        "product_reference": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Martin Perina"
          ]
        }
      ],
      "cve": "CVE-2020-35497",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-12-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1908755"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ovirt-engine 4.4.3 and earlier. This flaw allows an authenticated user to read other users\u0027 personal information, including the name, email, and public SSH key. The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ovirt-engine: non-admin user is able to access other users public SSH key",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
          "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-35497"
        },
        {
          "category": "external",
          "summary": "RHBZ#1908755",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35497",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35497"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35497",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35497"
        }
      ],
      "release_date": "2020-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-02T13:58:20+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0383"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ovirt-engine: non-admin user is able to access other users public SSH key"
    }
  ]
}

RHSA-2021_0383

Vulnerability from csaf_redhat - Published: 2021-02-02 13:58 - Updated: 2024-11-22 16:16

Summary

Red Hat Security Advisory: RHV-M (ovirt-engine) 4.4.z security, bug fix, enhancement upd[ovirt-4.4.4] 0-day

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nThe Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).\n\nSecurity Fix(es):\n\n* ovirt-engine: non-admin user is able to access other users public SSH key (CVE-2020-35497)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, you could not migrate the master role to a newer domain without migrating the virtual machines from the old domain and putting it into maintenance mode. Additionally, you could not put a hosted_storage domain into maintenance mode.\n\nWith this release, you can use the REST API to move the master role to another storage domain without putting the domain into maintenance mode.\n\nFor example, to set a storage domain with ID `456` as a master on a data center with ID `123`, send the following request:\n\n----\nPOST /ovirt-engine/api/datacenters/123/setmaster\n\nWith a request body like this:\n\n\u003caction\u003e\n  \u003cstorage_domain id=\"456\"/\u003e\n\u003c/action\u003e\n----\n\nAlternatively, this example uses the name of the storage domain:\n\n----\n\u003caction\u003e\n  \u003cstorage_domain\u003e\n    \u003cname\u003emy-nfs\u003c/name\u003e\n  \u003c/storage_domain\u003e\n\u003c/action\u003e\n---- \n(BZ#1576923)\n\n* Previously when a virtual machine moved from one cluster to another, resulting in the virtual machine\u0027s chipset changing, then the virtual machine did not run successfully.\n\nWith this release, when a virtual machine moves from one cluster to another, it\u0027s devices and chipset are automatically updated, and the virtual machine runs successfully. (BZ#1894454)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0383",
        "url": "https://access.redhat.com/errata/RHSA-2021:0383"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1576923",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576923"
      },
      {
        "category": "external",
        "summary": "1894454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894454"
      },
      {
        "category": "external",
        "summary": "1908643",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908643"
      },
      {
        "category": "external",
        "summary": "1908755",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0383.json"
      }
    ],
    "title": "Red Hat Security Advisory: RHV-M (ovirt-engine) 4.4.z security, bug fix, enhancement upd[ovirt-4.4.4] 0-day",
    "tracking": {
      "current_release_date": "2024-11-22T16:16:59+00:00",
      "generator": {
        "date": "2024-11-22T16:16:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2021:0383",
      "initial_release_date": "2021-02-02T13:58:20+00:00",
      "revision_history": [
        {
          "date": "2021-02-02T13:58:20+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-02-02T13:58:20+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T16:16:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                "product": {
                  "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                  "product_id": "8Base-RHV-S-4.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                "product": {
                  "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                  "product_id": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.4.4.7-0.2.el8ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src"
        },
        "product_reference": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Martin Perina"
          ]
        }
      ],
      "cve": "CVE-2020-35497",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-12-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1908755"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ovirt-engine 4.4.3 and earlier. This flaw allows an authenticated user to read other users\u0027 personal information, including the name, email, and public SSH key. The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ovirt-engine: non-admin user is able to access other users public SSH key",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
          "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-35497"
        },
        {
          "category": "external",
          "summary": "RHBZ#1908755",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35497",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35497"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35497",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35497"
        }
      ],
      "release_date": "2020-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-02T13:58:20+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0383"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ovirt-engine: non-admin user is able to access other users public SSH key"
    }
  ]
}

FKIE_CVE-2020-35497

Vulnerability from fkie_nvd - Published: 2020-12-21 17:15 - Updated: 2024-11-21 05:27

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

References

	URL	Tags
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1908755	Issue Tracking, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1908755	Issue Tracking, Third Party Advisory

Impacted products

	Vendor	Product	Version
	ovirt	ovirt-engine	*
	redhat	virtualization	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ovirt:ovirt-engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F89AB6-F2F1-4124-84D2-C10D2C445C11",
              "versionEndIncluding": "4.4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en ovirt-engine versiones 4.4.3 y anteriores permitiendo a un usuario autenticado leer la informaci\u00f3n personal de otros usuarios, incluyendo el nombre, el correo electr\u00f3nico y la clave SSH p\u00fablica"
    }
  ],
  "id": "CVE-2020-35497",
  "lastModified": "2024-11-21T05:27:25.683",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-21T17:15:12.757",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}

GSD-2020-35497

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

Aliases

CVE-2020-35497

Aliases

CVE-2020-35497

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-35497",
    "description": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key.",
    "id": "GSD-2020-35497",
    "references": [
      "https://access.redhat.com/errata/RHSA-2021:0383"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-35497"
      ],
      "details": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key.",
      "id": "GSD-2020-35497",
      "modified": "2023-12-13T01:22:00.552757Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2020-35497",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ovirt-engine",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "ovirt-engine 4.4.3 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284-\u003eCWE-200"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ovirt:ovirt-engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.4.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-35497"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                },
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-12-22T16:50Z",
      "publishedDate": "2020-12-21T17:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-35497 (GCVE-0-2020-35497)

GHSA-WVMJ-H4CR-4HM5

RHSA-2021:0383

RHSA-2021_0383

FKIE_CVE-2020-35497

GSD-2020-35497

Tags

Sightings

Nomenclature