CVE-2020-10775

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Ovirt-engine
Vendor: CVE Published:; 24 August 2020

Summary

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.

Affected Version(s)

ovirt-engine ovirt-engine versions before 4.4.2

References

https://bugzilla.redhat.com/show_bug.cgi?id=1847420

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 24, 2020
Vulnerability Reserved
Mar 20, 2020