First published: Thu Dec 17 2020(Updated: )
A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ovirt Ovirt-engine | <=4.4.3 | |
Redhat Virtualization | =4.0 | |
redhat/ovirt-engine | <4.4.4.7 | 4.4.4.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-35497 is a vulnerability in oVirt Engine 4.4.3 and earlier that allows an authenticated user to read other users' personal information.
CVE-2020-35497 has a severity score of 6.5 (medium).
oVirt Engine versions up to and including 4.4.3 are affected by CVE-2020-35497.
An authenticated user can exploit CVE-2020-35497 to read other users' personal information, including name, email, and public SSH key.
Yes, the recommended fix for CVE-2020-35497 is to update to version 4.4.4.7.