CVE-2020-10775

{"id": "CVE-2020-10775", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2020-08-24T17:15:10.867", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847420", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847420", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-451"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de redireccionamiento Abierto en ovirt-engine versiones 4.4 y anteriores , donde permite a atacantes remotos redireccionar a usuarios a sitios web arbitrarios e intentar ataques de phishing. Una vez que el objetivo ha abierto la URL maliciosa en su navegador, la parte cr\u00edtica de la URL ya no es visible. La mayor amenaza de esta vulnerabilidad es la confidencialidad."}], "lastModified": "2024-11-21T04:56:02.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:virtualization:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A303983A-E6D6-4CBC-B2DC-0293EFB623AC"}, {"criteria": "cpe:2.3:a:redhat:ovirt-engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9261D6EB-0549-49F5-943F-ADC7141C636C", "versionEndIncluding": "4.4"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}