CVE-2024-7259

A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2024-7259
https://bugzilla.redhat.com/show_bug.cgi?id=2314229

Configurations

No configuration.

History

30 Sep 2024, 12:46

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en oVirt. Un usuario con privilegios de administrador, incluidos los usuarios con el permiso ReadOnlyAdmin, puede usar las herramientas para desarrolladores del navegador para ver las contraseñas del proveedor en texto plano.

26 Sep 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-26 16:15

Updated : 2024-09-30 12:46

NVD link : CVE-2024-7259

Mitre link : CVE-2024-7259

CVE.ORG link : CVE-2024-7259

JSON object : View

Products Affected

No product.

CWE

CWE-312

Cleartext Storage of Sensitive Information

4.4 /10