CVE-2015-1780 : oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage doma

oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center

Published 2019-11-22 15:15:11

Updated 2019-11-25 16:31:34

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2015-1780

Redhat » Virtualization » Version: 3.0
cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
Matching versions
Redhat » Ovirt-engine » Version: N/A
cpe:2.3:a:redhat:ovirt-engine:-:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 36 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Assigned by: nvd@nist.gov (Primary)

https://access.redhat.com/security/cve/cve-2015-1780

Red Hat Customer Portal
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780

1199389 – (CVE-2015-1780) CVE-2015-1780 oVirt: Users with MANIPULATE_STORAGE_DOMAIN can attach a storage domain to any data-center
Issue Tracking;Third Party Advisory

Jump to