Vulnerability Details : CVE-2020-10775
An open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier that allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is to confidentiality.
Vulnerability category: Open redirect
Products affected by CVE-2020-10775
- cpe:2.3:a:redhat:ovirt-engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-10775
- EPSS score: 0.22% (probability of exploitation activity in the next 30 days)
- Percentile: ~60% (the proportion of vulnerabilities that are scored at or below this value)
CVSS scores for CVE-2020-10775
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.6 | LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N | 4.9 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N | 1.6 | 3.6 | NIST | |
CWE ids for CVE-2020-10775
- The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. Assigned by: secalert@redhat.com (Secondary)
- The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. Assigned by: nvd@nist.gov (Primary); secalert@redhat.com (Secondary)
References for CVE-2020-10775
- https://bugzilla.redhat.com/show_bug.cgi?id=1847420 (1847420 – (CVE-2020-10775) CVE-2020-10775 ovirt-engine: Redirect to arbitrary URL allows for phishing) Issue Tracking; Vendor Advisory