Untriaged
Permalink
CVE-2024-0822
9.1 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
Ovirt: authentication bypass
An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.
References
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- RHBZ#2258509 issue-tracking x_refsource_REDHAT x_transferred
- https://github.com/oVirt/ovirt-engine/pull/914 x_transferred
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry x_transferred
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2258509 issue-tracking x_refsource_REDHAT x_transferred
- https://github.com/oVirt/ovirt-engine/pull/914 x_transferred
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2258509 issue-tracking x_refsource_REDHAT x_transferred
- https://github.com/oVirt/ovirt-engine/pull/914 x_transferred
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- RHBZ#2258509 issue-tracking x_refsource_REDHAT x_transferred
- https://github.com/oVirt/ovirt-engine/pull/914 x_transferred
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2258509 issue-tracking x_refsource_REDHAT x_transferred
- https://github.com/oVirt/ovirt-engine/pull/914 x_transferred
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2258509 issue-tracking x_refsource_REDHAT x_transferred
- https://github.com/oVirt/ovirt-engine/pull/914 x_transferred
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- https://github.com/oVirt/ovirt-engine/pull/914 x_transferred
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2258509 issue-tracking x_refsource_REDHAT x_transferred
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2258509 issue-tracking x_refsource_REDHAT x_transferred
- https://github.com/oVirt/ovirt-engine/pull/914 x_transferred
- https://github.com/oVirt/ovirt-engine/pull/914
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory x_transferred
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2258509 issue-tracking x_refsource_REDHAT x_transferred
- https://github.com/oVirt/ovirt-engine/pull/914 x_transferred
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry
- RHBZ#2258509 issue-tracking x_refsource_REDHAT
- https://github.com/oVirt/ovirt-engine/pull/914
- https://access.redhat.com/security/cve/CVE-2024-0822 x_refsource_REDHAT vdb-entry x_transferred
- RHBZ#2258509 issue-tracking x_refsource_REDHAT x_transferred
- https://github.com/oVirt/ovirt-engine/pull/914 x_transferred
- RHSA-2024:0934 x_refsource_REDHAT vendor-advisory x_transferred
Affected products
ovirt-engine
- <4.5.6
- *
Matching in nixpkgs
pkgs.rubyPackages.ovirt-engine-sdk
None
-
nixos-unstable -
- nixpkgs-unstable 4.6.0
pkgs.rubyPackages_3_1.ovirt-engine-sdk
None
-
nixos-unstable -
- nixpkgs-unstable 4.6.0
pkgs.rubyPackages_3_2.ovirt-engine-sdk
None
-
nixos-unstable -
- nixpkgs-unstable 4.6.0
pkgs.rubyPackages_3_3.ovirt-engine-sdk
None
-
nixos-unstable -
- nixpkgs-unstable 4.6.0
pkgs.rubyPackages_3_4.ovirt-engine-sdk
None
-
nixos-unstable -
- nixpkgs-unstable 4.6.0