cvelistv5 - cve-2020-35497

cve-2020-35497

Vulnerability from cvelistv5

Published

2020-12-21 16:22

Modified

2024-08-04 17:02

Severity ?

Summary

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

References

▼	URL	Tags
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1908755	Issue Tracking, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1908755	Issue Tracking, Third Party Advisory

Impacted products

Vendor

Product

Version

▼

n/a

ovirt-engine

Version: ovirt-engine 4.4.3 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ovirt-engine",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "ovirt-engine 4.4.3 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284-\u003eCWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-21T16:22:22",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-35497",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ovirt-engine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ovirt-engine 4.4.3 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284-\u003eCWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-35497",
    "datePublished": "2020-12-21T16:22:22",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ovirt:ovirt-engine:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.4.3\", \"matchCriteriaId\": \"40F89AB6-F2F1-4124-84D2-C10D2C445C11\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un fallo en ovirt-engine versiones 4.4.3 y anteriores permitiendo a un usuario autenticado leer la informaci\\u00f3n personal de otros usuarios, incluyendo el nombre, el correo electr\\u00f3nico y la clave SSH p\\u00fablica\"}]",
      "id": "CVE-2020-35497",
      "lastModified": "2024-11-21T05:27:25.683",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-12-21T17:15:12.757",
      "references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1908755\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1908755\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-35497\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-12-21T17:15:12.757\",\"lastModified\":\"2024-11-21T05:27:25.683\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en ovirt-engine versiones 4.4.3 y anteriores permitiendo a un usuario autenticado leer la informaci\u00f3n personal de otros usuarios, incluyendo el nombre, el correo electr\u00f3nico y la clave SSH p\u00fablica\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ovirt:ovirt-engine:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.4.3\",\"matchCriteriaId\":\"40F89AB6-F2F1-4124-84D2-C10D2C445C11\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1908755\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1908755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]}]}}"
  }
}

cve-2020-35497

Vulnerability from fkie_nvd

Published

2020-12-21 17:15

Modified

2024-11-21 05:27

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

References

▼	URL	Tags
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1908755	Issue Tracking, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1908755	Issue Tracking, Third Party Advisory

Impacted products

	Vendor	Product	Version
	ovirt	ovirt-engine	*
	redhat	virtualization	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ovirt:ovirt-engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F89AB6-F2F1-4124-84D2-C10D2C445C11",
              "versionEndIncluding": "4.4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en ovirt-engine versiones 4.4.3 y anteriores permitiendo a un usuario autenticado leer la informaci\u00f3n personal de otros usuarios, incluyendo el nombre, el correo electr\u00f3nico y la clave SSH p\u00fablica"
    }
  ],
  "id": "CVE-2020-35497",
  "lastModified": "2024-11-21T05:27:25.683",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-21T17:15:12.757",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}

rhsa-2021:0383

Vulnerability from csaf_redhat

Published

2021-02-02 13:58

Modified

2024-11-22 16:16

Summary

Red Hat Security Advisory: RHV-M (ovirt-engine) 4.4.z security, bug fix, enhancement upd[ovirt-4.4.4] 0-day

Notes

Topic

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API). Security Fix(es): * ovirt-engine: non-admin user is able to access other users public SSH key (CVE-2020-35497) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Previously, you could not migrate the master role to a newer domain without migrating the virtual machines from the old domain and putting it into maintenance mode. Additionally, you could not put a hosted_storage domain into maintenance mode. With this release, you can use the REST API to move the master role to another storage domain without putting the domain into maintenance mode. For example, to set a storage domain with ID `456` as a master on a data center with ID `123`, send the following request: ---- POST /ovirt-engine/api/datacenters/123/setmaster With a request body like this: <action> <storage_domain id="456"/> </action> ---- Alternatively, this example uses the name of the storage domain: ---- <action> <storage_domain> <name>my-nfs</name> </storage_domain> </action> ---- (BZ#1576923) * Previously when a virtual machine moved from one cluster to another, resulting in the virtual machine's chipset changing, then the virtual machine did not run successfully. With this release, when a virtual machine moves from one cluster to another, it's devices and chipset are automatically updated, and the virtual machine runs successfully. (BZ#1894454)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nThe Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).\n\nSecurity Fix(es):\n\n* ovirt-engine: non-admin user is able to access other users public SSH key (CVE-2020-35497)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, you could not migrate the master role to a newer domain without migrating the virtual machines from the old domain and putting it into maintenance mode. Additionally, you could not put a hosted_storage domain into maintenance mode.\n\nWith this release, you can use the REST API to move the master role to another storage domain without putting the domain into maintenance mode.\n\nFor example, to set a storage domain with ID `456` as a master on a data center with ID `123`, send the following request:\n\n----\nPOST /ovirt-engine/api/datacenters/123/setmaster\n\nWith a request body like this:\n\n\u003caction\u003e\n  \u003cstorage_domain id=\"456\"/\u003e\n\u003c/action\u003e\n----\n\nAlternatively, this example uses the name of the storage domain:\n\n----\n\u003caction\u003e\n  \u003cstorage_domain\u003e\n    \u003cname\u003emy-nfs\u003c/name\u003e\n  \u003c/storage_domain\u003e\n\u003c/action\u003e\n---- \n(BZ#1576923)\n\n* Previously when a virtual machine moved from one cluster to another, resulting in the virtual machine\u0027s chipset changing, then the virtual machine did not run successfully.\n\nWith this release, when a virtual machine moves from one cluster to another, it\u0027s devices and chipset are automatically updated, and the virtual machine runs successfully. (BZ#1894454)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0383",
        "url": "https://access.redhat.com/errata/RHSA-2021:0383"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1576923",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576923"
      },
      {
        "category": "external",
        "summary": "1894454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894454"
      },
      {
        "category": "external",
        "summary": "1908643",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908643"
      },
      {
        "category": "external",
        "summary": "1908755",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0383.json"
      }
    ],
    "title": "Red Hat Security Advisory: RHV-M (ovirt-engine) 4.4.z security, bug fix, enhancement upd[ovirt-4.4.4] 0-day",
    "tracking": {
      "current_release_date": "2024-11-22T16:16:59+00:00",
      "generator": {
        "date": "2024-11-22T16:16:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2021:0383",
      "initial_release_date": "2021-02-02T13:58:20+00:00",
      "revision_history": [
        {
          "date": "2021-02-02T13:58:20+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-02-02T13:58:20+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T16:16:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                "product": {
                  "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                  "product_id": "8Base-RHV-S-4.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                "product": {
                  "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                  "product_id": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.4.4.7-0.2.el8ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src"
        },
        "product_reference": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Martin Perina"
          ]
        }
      ],
      "cve": "CVE-2020-35497",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-12-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1908755"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ovirt-engine 4.4.3 and earlier. This flaw allows an authenticated user to read other users\u0027 personal information, including the name, email, and public SSH key. The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ovirt-engine: non-admin user is able to access other users public SSH key",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
          "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-35497"
        },
        {
          "category": "external",
          "summary": "RHBZ#1908755",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35497",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35497"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35497",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35497"
        }
      ],
      "release_date": "2020-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-02T13:58:20+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0383"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ovirt-engine: non-admin user is able to access other users public SSH key"
    }
  ]
}

RHSA-2021:0383

Vulnerability from csaf_redhat

Published

2021-02-02 13:58

Modified

2024-11-22 16:16

Summary

Red Hat Security Advisory: RHV-M (ovirt-engine) 4.4.z security, bug fix, enhancement upd[ovirt-4.4.4] 0-day

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nThe Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).\n\nSecurity Fix(es):\n\n* ovirt-engine: non-admin user is able to access other users public SSH key (CVE-2020-35497)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, you could not migrate the master role to a newer domain without migrating the virtual machines from the old domain and putting it into maintenance mode. Additionally, you could not put a hosted_storage domain into maintenance mode.\n\nWith this release, you can use the REST API to move the master role to another storage domain without putting the domain into maintenance mode.\n\nFor example, to set a storage domain with ID `456` as a master on a data center with ID `123`, send the following request:\n\n----\nPOST /ovirt-engine/api/datacenters/123/setmaster\n\nWith a request body like this:\n\n\u003caction\u003e\n  \u003cstorage_domain id=\"456\"/\u003e\n\u003c/action\u003e\n----\n\nAlternatively, this example uses the name of the storage domain:\n\n----\n\u003caction\u003e\n  \u003cstorage_domain\u003e\n    \u003cname\u003emy-nfs\u003c/name\u003e\n  \u003c/storage_domain\u003e\n\u003c/action\u003e\n---- \n(BZ#1576923)\n\n* Previously when a virtual machine moved from one cluster to another, resulting in the virtual machine\u0027s chipset changing, then the virtual machine did not run successfully.\n\nWith this release, when a virtual machine moves from one cluster to another, it\u0027s devices and chipset are automatically updated, and the virtual machine runs successfully. (BZ#1894454)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0383",
        "url": "https://access.redhat.com/errata/RHSA-2021:0383"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1576923",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576923"
      },
      {
        "category": "external",
        "summary": "1894454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894454"
      },
      {
        "category": "external",
        "summary": "1908643",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908643"
      },
      {
        "category": "external",
        "summary": "1908755",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0383.json"
      }
    ],
    "title": "Red Hat Security Advisory: RHV-M (ovirt-engine) 4.4.z security, bug fix, enhancement upd[ovirt-4.4.4] 0-day",
    "tracking": {
      "current_release_date": "2024-11-22T16:16:59+00:00",
      "generator": {
        "date": "2024-11-22T16:16:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2021:0383",
      "initial_release_date": "2021-02-02T13:58:20+00:00",
      "revision_history": [
        {
          "date": "2021-02-02T13:58:20+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-02-02T13:58:20+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T16:16:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                "product": {
                  "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                  "product_id": "8Base-RHV-S-4.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                "product": {
                  "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                  "product_id": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.4.4.7-0.2.el8ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src"
        },
        "product_reference": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Martin Perina"
          ]
        }
      ],
      "cve": "CVE-2020-35497",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-12-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1908755"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ovirt-engine 4.4.3 and earlier. This flaw allows an authenticated user to read other users\u0027 personal information, including the name, email, and public SSH key. The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ovirt-engine: non-admin user is able to access other users public SSH key",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
          "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-35497"
        },
        {
          "category": "external",
          "summary": "RHBZ#1908755",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35497",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35497"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35497",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35497"
        }
      ],
      "release_date": "2020-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-02T13:58:20+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0383"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ovirt-engine: non-admin user is able to access other users public SSH key"
    }
  ]
}

rhsa-2021_0383

Vulnerability from csaf_redhat

Published

2021-02-02 13:58

Modified

2024-11-22 16:16

Summary

Red Hat Security Advisory: RHV-M (ovirt-engine) 4.4.z security, bug fix, enhancement upd[ovirt-4.4.4] 0-day

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nThe Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).\n\nSecurity Fix(es):\n\n* ovirt-engine: non-admin user is able to access other users public SSH key (CVE-2020-35497)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, you could not migrate the master role to a newer domain without migrating the virtual machines from the old domain and putting it into maintenance mode. Additionally, you could not put a hosted_storage domain into maintenance mode.\n\nWith this release, you can use the REST API to move the master role to another storage domain without putting the domain into maintenance mode.\n\nFor example, to set a storage domain with ID `456` as a master on a data center with ID `123`, send the following request:\n\n----\nPOST /ovirt-engine/api/datacenters/123/setmaster\n\nWith a request body like this:\n\n\u003caction\u003e\n  \u003cstorage_domain id=\"456\"/\u003e\n\u003c/action\u003e\n----\n\nAlternatively, this example uses the name of the storage domain:\n\n----\n\u003caction\u003e\n  \u003cstorage_domain\u003e\n    \u003cname\u003emy-nfs\u003c/name\u003e\n  \u003c/storage_domain\u003e\n\u003c/action\u003e\n---- \n(BZ#1576923)\n\n* Previously when a virtual machine moved from one cluster to another, resulting in the virtual machine\u0027s chipset changing, then the virtual machine did not run successfully.\n\nWith this release, when a virtual machine moves from one cluster to another, it\u0027s devices and chipset are automatically updated, and the virtual machine runs successfully. (BZ#1894454)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:0383",
        "url": "https://access.redhat.com/errata/RHSA-2021:0383"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1576923",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576923"
      },
      {
        "category": "external",
        "summary": "1894454",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894454"
      },
      {
        "category": "external",
        "summary": "1908643",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908643"
      },
      {
        "category": "external",
        "summary": "1908755",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0383.json"
      }
    ],
    "title": "Red Hat Security Advisory: RHV-M (ovirt-engine) 4.4.z security, bug fix, enhancement upd[ovirt-4.4.4] 0-day",
    "tracking": {
      "current_release_date": "2024-11-22T16:16:59+00:00",
      "generator": {
        "date": "2024-11-22T16:16:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2021:0383",
      "initial_release_date": "2021-02-02T13:58:20+00:00",
      "revision_history": [
        {
          "date": "2021-02-02T13:58:20+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-02-02T13:58:20+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T16:16:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                "product": {
                  "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                  "product_id": "8Base-RHV-S-4.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                "product": {
                  "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                  "product_id": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.4.4.7-0.2.el8ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                "product": {
                  "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_id": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm@4.4.4.7-0.2.el8ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src"
        },
        "product_reference": "ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-0:4.4.4.7-0.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
        },
        "product_reference": "rhvm-0:4.4.4.7-0.2.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Martin Perina"
          ]
        }
      ],
      "cve": "CVE-2020-35497",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2020-12-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1908755"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in ovirt-engine 4.4.3 and earlier. This flaw allows an authenticated user to read other users\u0027 personal information, including the name, email, and public SSH key. The highest threat from this vulnerability is to confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ovirt-engine: non-admin user is able to access other users public SSH key",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
          "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
          "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-35497"
        },
        {
          "category": "external",
          "summary": "RHBZ#1908755",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35497",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35497"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35497",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35497"
        }
      ],
      "release_date": "2020-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-02-02T13:58:20+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:0383"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.4.4.7-0.2.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.4.7-0.2.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.4.4.7-0.2.el8ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ovirt-engine: non-admin user is able to access other users public SSH key"
    }
  ]
}

gsd-2020-35497

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

Aliases

CVE-2020-35497

Aliases

CVE-2020-35497

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-35497",
    "description": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key.",
    "id": "GSD-2020-35497",
    "references": [
      "https://access.redhat.com/errata/RHSA-2021:0383"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-35497"
      ],
      "details": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key.",
      "id": "GSD-2020-35497",
      "modified": "2023-12-13T01:22:00.552757Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2020-35497",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ovirt-engine",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "ovirt-engine 4.4.3 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284-\u003eCWE-200"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ovirt:ovirt-engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.4.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-35497"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                },
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-12-22T16:50Z",
      "publishedDate": "2020-12-21T17:15Z"
    }
  }
}

ghsa-wvmj-h4cr-4hm5

Vulnerability from github

Published

2022-05-24 17:37

Modified

2022-05-24 17:37

Details

A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-35497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-21T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users\u0027 personal information, including name, email and public SSH key.",
  "id": "GHSA-wvmj-h4cr-4hm5",
  "modified": "2022-05-24T17:37:07Z",
  "published": "2022-05-24T17:37:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35497"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908755"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2020-35497

Vulnerability from cvelistv5

cve-2020-35497

Vulnerability from fkie_nvd

rhsa-2021:0383

Vulnerability from csaf_redhat

RHSA-2021:0383

Vulnerability from csaf_redhat

rhsa-2021_0383

Vulnerability from csaf_redhat

gsd-2020-35497

Vulnerability from gsd

ghsa-wvmj-h4cr-4hm5

Vulnerability from github

Tags

Sightings

Nomenclature