cvelistv5 - cve-2024-0822

cve-2024-0822

Vulnerability from cvelistv5

Published

2024-01-25 15:18

Modified

2024-11-24 12:16

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0934
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-0822	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2258509	Exploit, Issue Tracking, Third Party Advisory
secalert@redhat.com	https://github.com/oVirt/ovirt-engine/pull/914
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:0934
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2024-0822	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2258509	Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/oVirt/ovirt-engine/pull/914

Impacted products

Vendor

Product

Version

▼

Version: 4.5.0 ≤

Red Hat

Red Hat Virtualization Engine 4.4

Unaffected: 0:4.5.3.10-1.el8ev < *
cpe:/a:redhat:rhev_manager:4.4:el8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:18:18.983Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:0934",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0934"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
          },
          {
            "name": "RHBZ#2258509",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/oVirt/ovirt-engine/pull/914"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0822",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T18:40:10.525825Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T18:41:28.359Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://ovirt.org/",
          "defaultStatus": "unaffected",
          "packageName": "ovirt-engine",
          "versions": [
            {
              "lessThan": "4.5.6",
              "status": "affected",
              "version": "4.5.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhev_manager:4.4:el8"
          ],
          "defaultStatus": "affected",
          "packageName": "ovirt-engine",
          "product": "Red Hat Virtualization Engine 4.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.5.3.10-1.el8ev",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2024-01-15T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1390",
              "description": "Weak Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-24T12:16:28.423Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0934",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0934"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
        },
        {
          "name": "RHBZ#2258509",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
        },
        {
          "url": "https://github.com/oVirt/ovirt-engine/pull/914"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-15T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-01-15T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Ovirt: authentication bypass",
      "x_redhatCweChain": "CWE-1390: Weak Authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-0822",
    "datePublished": "2024-01-25T15:18:20.439Z",
    "dateReserved": "2024-01-23T14:15:45.514Z",
    "dateUpdated": "2024-11-24T12:16:28.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ovirt:ovirt-engine:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF146A38-CD7E-4A6D-9343-EB0ACA61D5EC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una vulnerabilidad de omisi\\u00f3n de autenticaci\\u00f3n en overt-engine. Este fallo permite la creaci\\u00f3n de usuarios en el sistema sin autenticaci\\u00f3n debido a un fallo en el comando CreateUserSession.\"}]",
      "id": "CVE-2024-0822",
      "lastModified": "2024-11-21T08:47:26.913",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2024-01-25T16:15:08.743",
      "references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2024:0934\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-0822\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2258509\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/oVirt/ovirt-engine/pull/914\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0934\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-0822\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2258509\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/oVirt/ovirt-engine/pull/914\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1390\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-0822\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-01-25T16:15:08.743\",\"lastModified\":\"2024-11-21T08:47:26.913\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en overt-engine. Este fallo permite la creaci\u00f3n de usuarios en el sistema sin autenticaci\u00f3n debido a un fallo en el comando CreateUserSession.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1390\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ovirt:ovirt-engine:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF146A38-CD7E-4A6D-9343-EB0ACA61D5EC\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0934\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-0822\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2258509\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/oVirt/ovirt-engine/pull/914\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0934\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-0822\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2258509\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/oVirt/ovirt-engine/pull/914\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:0934\", \"name\": \"RHSA-2024:0934\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-0822\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2258509\", \"name\": \"RHBZ#2258509\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://github.com/oVirt/ovirt-engine/pull/914\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:18:18.983Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-0822\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-12T18:40:10.525825Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-12T18:40:22.116Z\"}}], \"cna\": {\"title\": \"Ovirt: authentication bypass\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"4.5.0\", \"lessThan\": \"4.5.6\", \"versionType\": \"semver\"}], \"packageName\": \"ovirt-engine\", \"collectionURL\": \"https://ovirt.org/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:rhev_manager:4.4:el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Virtualization Engine 4.4\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:4.5.3.10-1.el8ev\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"ovirt-engine\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-01-15T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-01-15T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-01-15T00:00:00+00:00\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:0934\", \"name\": \"RHSA-2024:0934\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-0822\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2258509\", \"name\": \"RHBZ#2258509\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/oVirt/ovirt-engine/pull/914\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1390\", \"description\": \"Weak Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2024-11-24T12:16:28.423Z\"}, \"x_redhatCweChain\": \"CWE-1390: Weak Authentication\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-0822\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-24T12:16:28.423Z\", \"dateReserved\": \"2024-01-23T14:15:45.514Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-01-25T15:18:20.439Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cve-2024-0822

Vulnerability from fkie_nvd

Published

2024-01-25 16:15

Modified

2024-11-21 08:47

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0934
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2024-0822	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2258509	Exploit, Issue Tracking, Third Party Advisory
secalert@redhat.com	https://github.com/oVirt/ovirt-engine/pull/914
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:0934
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2024-0822	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2258509	Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/oVirt/ovirt-engine/pull/914

Impacted products

	Vendor	Product	Version
	ovirt	ovirt-engine	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ovirt:ovirt-engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF146A38-CD7E-4A6D-9343-EB0ACA61D5EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en overt-engine. Este fallo permite la creaci\u00f3n de usuarios en el sistema sin autenticaci\u00f3n debido a un fallo en el comando CreateUserSession."
    }
  ],
  "id": "CVE-2024-0822",
  "lastModified": "2024-11-21T08:47:26.913",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-25T16:15:08.743",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0934"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/oVirt/ovirt-engine/pull/914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/oVirt/ovirt-engine/pull/914"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1390"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

rhsa-2024_0934

Vulnerability from csaf_redhat

Published

2024-02-21 09:11

Modified

2024-11-24 12:16

Summary

Red Hat Security Advisory: Red Hat Virtualization security and bug fix update

Notes

Topic

An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Security fixes: * ovirt: authentication bypass (CVE-2024-0822) Bug fixes: * During the storage domain import, the engine will fail to find OVF_STORE if there is also a ConnectStoragePoolVDSCommand request (BZ#2244641)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8,  and Red Hat Virtualization Engine 4.4.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security fixes: \n * ovirt: authentication bypass (CVE-2024-0822)\n\nBug fixes:\n * During the storage domain import, the engine will fail to find OVF_STORE if there is also a ConnectStoragePoolVDSCommand request (BZ#2244641)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:0934",
        "url": "https://access.redhat.com/errata/RHSA-2024:0934"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2244641",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244641"
      },
      {
        "category": "external",
        "summary": "2258509",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0934.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Virtualization security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-24T12:16:28+00:00",
      "generator": {
        "date": "2024-11-24T12:16:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2024:0934",
      "initial_release_date": "2024-02-21T09:11:40+00:00",
      "revision_history": [
        {
          "date": "2024-02-21T09:11:40+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-21T09:11:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-24T12:16:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                "product": {
                  "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                  "product_id": "8Base-RHV-S-4.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                "product": {
                  "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                  "product_id": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.5.3.10-1.el8ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src"
        },
        "product_reference": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "rhvm-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0822",
      "cwe": {
        "id": "CWE-1390",
        "name": "Weak Authentication"
      },
      "discovery_date": "2024-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2258509"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ovirt: authentication bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
          "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "RHBZ#2258509",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-0822",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-0822",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "https://github.com/oVirt/ovirt-engine/pull/914",
          "url": "https://github.com/oVirt/ovirt-engine/pull/914"
        }
      ],
      "release_date": "2024-01-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-21T09:11:40+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "ovirt: authentication bypass"
    }
  ]
}

rhsa-2024:0934

Vulnerability from csaf_redhat

Published

2024-02-21 09:11

Modified

2024-11-24 12:16

Summary

Red Hat Security Advisory: Red Hat Virtualization security and bug fix update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8,  and Red Hat Virtualization Engine 4.4.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security fixes: \n * ovirt: authentication bypass (CVE-2024-0822)\n\nBug fixes:\n * During the storage domain import, the engine will fail to find OVF_STORE if there is also a ConnectStoragePoolVDSCommand request (BZ#2244641)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:0934",
        "url": "https://access.redhat.com/errata/RHSA-2024:0934"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2244641",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244641"
      },
      {
        "category": "external",
        "summary": "2258509",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0934.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Virtualization security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-24T12:16:28+00:00",
      "generator": {
        "date": "2024-11-24T12:16:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2024:0934",
      "initial_release_date": "2024-02-21T09:11:40+00:00",
      "revision_history": [
        {
          "date": "2024-02-21T09:11:40+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-21T09:11:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-24T12:16:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                "product": {
                  "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                  "product_id": "8Base-RHV-S-4.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                "product": {
                  "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                  "product_id": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.5.3.10-1.el8ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src"
        },
        "product_reference": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "rhvm-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0822",
      "cwe": {
        "id": "CWE-1390",
        "name": "Weak Authentication"
      },
      "discovery_date": "2024-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2258509"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ovirt: authentication bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
          "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "RHBZ#2258509",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-0822",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-0822",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "https://github.com/oVirt/ovirt-engine/pull/914",
          "url": "https://github.com/oVirt/ovirt-engine/pull/914"
        }
      ],
      "release_date": "2024-01-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-21T09:11:40+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "ovirt: authentication bypass"
    }
  ]
}

RHSA-2024:0934

Vulnerability from csaf_redhat

Published

2024-02-21 09:11

Modified

2024-11-24 12:16

Summary

Red Hat Security Advisory: Red Hat Virtualization security and bug fix update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8,  and Red Hat Virtualization Engine 4.4.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security fixes: \n * ovirt: authentication bypass (CVE-2024-0822)\n\nBug fixes:\n * During the storage domain import, the engine will fail to find OVF_STORE if there is also a ConnectStoragePoolVDSCommand request (BZ#2244641)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:0934",
        "url": "https://access.redhat.com/errata/RHSA-2024:0934"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2244641",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244641"
      },
      {
        "category": "external",
        "summary": "2258509",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0934.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Virtualization security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-24T12:16:28+00:00",
      "generator": {
        "date": "2024-11-24T12:16:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2024:0934",
      "initial_release_date": "2024-02-21T09:11:40+00:00",
      "revision_history": [
        {
          "date": "2024-02-21T09:11:40+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-21T09:11:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-24T12:16:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                "product": {
                  "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
                  "product_id": "8Base-RHV-S-4.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                "product": {
                  "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                  "product_id": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.5.3.10-1.el8ev?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                "product": {
                  "name": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                  "product_id": "rhvm-0:4.5.3.10-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm@4.5.3.10-1.el8ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.5.3.10-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src"
        },
        "product_reference": "ovirt-engine-0:4.5.3.10-1.el8ev.src",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-0:4.5.3.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
          "product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
        },
        "product_reference": "rhvm-0:4.5.3.10-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-S-4.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0822",
      "cwe": {
        "id": "CWE-1390",
        "name": "Weak Authentication"
      },
      "discovery_date": "2024-01-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2258509"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ovirt: authentication bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
          "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
          "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "RHBZ#2258509",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-0822",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-0822",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0822"
        },
        {
          "category": "external",
          "summary": "https://github.com/oVirt/ovirt-engine/pull/914",
          "url": "https://github.com/oVirt/ovirt-engine/pull/914"
        }
      ],
      "release_date": "2024-01-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-21T09:11:40+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0934"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-0:4.5.3.10-1.el8ev.src",
            "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.3.10-1.el8ev.noarch",
            "8Base-RHV-S-4.4:rhvm-0:4.5.3.10-1.el8ev.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "ovirt: authentication bypass"
    }
  ]
}

wid-sec-w-2024-0449

Vulnerability from csaf_certbund

Published

2024-02-21 23:00

Modified

2024-02-21 23:00

Summary

Red Hat Virtualization: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Virtualization ist eine Virtualisierungslösung von Red Hat, die die simultane Ausführung von verschiedenen Betriebssystemen auf einem Host-System ermöglicht.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Virtualization ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Virtualization ist eine Virtualisierungsl\u00f6sung von Red Hat, die die simultane Ausf\u00fchrung von verschiedenen Betriebssystemen auf einem Host-System erm\u00f6glicht.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Virtualization ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0449 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0449.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0449 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0449"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2024-02-21",
        "url": "https://access.redhat.com/errata/RHSA-2024:0934"
      },
      {
        "category": "external",
        "summary": "PoC vom 2024-02-21",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244641"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Virtualization: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2024-02-21T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-22T09:05:57.701+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0449",
      "initial_release_date": "2024-02-21T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-21T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c ovirt-engine__4.5.3.10",
                "product": {
                  "name": "Red Hat Virtualization \u003c ovirt-engine__4.5.3.10",
                  "product_id": "T033029",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:virtualization:ovirt-engine__4.5.3.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Virtualization"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0822",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Red Hat Virtualization. Dieser Fehler besteht im Befehl CreateUserSession der ovirt-engine, der es erm\u00f6glicht, Benutzer im System ohne Authentifizierung anzulegen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "release_date": "2024-02-21T23:00:00Z",
      "title": "CVE-2024-0822"
    }
  ]
}

WID-SEC-W-2024-0449

Vulnerability from csaf_certbund

Published

2024-02-21 23:00

Modified

2024-02-21 23:00

Summary

Red Hat Virtualization: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Notes

Produktbeschreibung

Virtualization ist eine Virtualisierungslösung von Red Hat, die die simultane Ausführung von verschiedenen Betriebssystemen auf einem Host-System ermöglicht.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Virtualization ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Virtualization ist eine Virtualisierungsl\u00f6sung von Red Hat, die die simultane Ausf\u00fchrung von verschiedenen Betriebssystemen auf einem Host-System erm\u00f6glicht.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Virtualization ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0449 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0449.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0449 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0449"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory vom 2024-02-21",
        "url": "https://access.redhat.com/errata/RHSA-2024:0934"
      },
      {
        "category": "external",
        "summary": "PoC vom 2024-02-21",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244641"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Virtualization: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2024-02-21T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-22T09:05:57.701+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0449",
      "initial_release_date": "2024-02-21T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-21T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c ovirt-engine__4.5.3.10",
                "product": {
                  "name": "Red Hat Virtualization \u003c ovirt-engine__4.5.3.10",
                  "product_id": "T033029",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:virtualization:ovirt-engine__4.5.3.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Virtualization"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-0822",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Red Hat Virtualization. Dieser Fehler besteht im Befehl CreateUserSession der ovirt-engine, der es erm\u00f6glicht, Benutzer im System ohne Authentifizierung anzulegen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
        }
      ],
      "release_date": "2024-02-21T23:00:00Z",
      "title": "CVE-2024-0822"
    }
  ]
}

ghsa-4vwj-x32h-m4vj

Vulnerability from github

Published

2024-01-25 18:30

Modified

2024-02-08 15:30

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-0822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1390",
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-25T16:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.",
  "id": "GHSA-4vwj-x32h-m4vj",
  "modified": "2024-02-08T15:30:26Z",
  "published": "2024-01-25T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0822"
    },
    {
      "type": "WEB",
      "url": "https://github.com/oVirt/ovirt-engine/pull/914"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2024-0822

Vulnerability from gsd

Modified

2024-01-24 06:02

Details

An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.

Aliases

CVE-2024-0822

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-0822"
      ],
      "details": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.",
      "id": "GSD-2024-0822",
      "modified": "2024-01-24T06:02:23.225505Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2024-0822",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Red Hat Virtualization Engine 4.4",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "0:4.5.3.10-1.el8ev",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-1390",
                "lang": "eng",
                "value": "Weak Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:0934",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:0934"
          },
          {
            "name": "https://access.redhat.com/security/cve/CVE-2024-0822",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
          },
          {
            "name": "https://github.com/oVirt/ovirt-engine/pull/914",
            "refsource": "MISC",
            "url": "https://github.com/oVirt/ovirt-engine/pull/914"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:ovirt:ovirt-engine:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DF146A38-CD7E-4A6D-9343-EB0ACA61D5EC",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command."
          },
          {
            "lang": "es",
            "value": "Se encontr\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en overt-engine. Este fallo permite la creaci\u00f3n de usuarios en el sistema sin autenticaci\u00f3n debido a un fallo en el comando CreateUserSession."
          }
        ],
        "id": "CVE-2024-0822",
        "lastModified": "2024-02-21T21:15:08.900",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-25T16:15:08.743",
        "references": [
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:0934"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-0822"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Exploit",
              "Issue Tracking",
              "Third Party Advisory"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258509"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://github.com/oVirt/ovirt-engine/pull/914"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-287"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-1390"
              }
            ],
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from github

Vulnerability from gsd

Tags

Sightings

Nomenclature