CVE-2014-0151

Impact: Moderate
Public Date: 2014-03-17
CWE: CWE-352
Bugzilla: 1081849: CVE-2014-0151 ovirt-engine: cross-site request forgery (CSRF)

A Cross-Site Request Forgery (CSRF) flaw was found in the oVirt REST API. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid REST API session, would allow the attacker to trigger calls to the oVirt REST API.

Find out more about CVE-2014-0151 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score 4.3
Base Metrics AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform: RHEV Manager 3 (org.ovirt.engine-root)
Errata: RHSA-2015:0158
Release Date: 2015-02-11

Affected Packages State

Platform: RHEV Manager 3
Package: ovirt-engine-restapi
State: Will not fix
