CVE-2014-7851

CVE-2014-7851

oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user’s session data to gain that user’s privileges by replacing their session token with that of another user.

Source: CVE-2014-7851

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다