Vulnerability Details CVE-2024-0822
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 48.6%
CVSS Severity
CVSS v3 Score 7.5
References
- https://access.redhat.com/errata/RHSA-2024:0934
- https://access.redhat.com/security/cve/CVE-2024-0822
- https://bugzilla.redhat.com/show_bug.cgi?id=2258509
- https://github.com/oVirt/ovirt-engine/pull/914
- https://access.redhat.com/errata/RHSA-2024:0934
- https://access.redhat.com/security/cve/CVE-2024-0822
- https://bugzilla.redhat.com/show_bug.cgi?id=2258509
- https://github.com/oVirt/ovirt-engine/pull/914
Products affected by CVE-2024-0822
-
cpe:2.3:a:ovirt:ovirt-engine:-