CVE-2020-10775
Summary
| CVE | CVE-2020-10775 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-08-24 17:15:00 UTC |
| Updated | 2023-11-07 03:14:00 UTC |
| Description | An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality. |
Risk And Classification
Problem Types: CWE-601
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Virtualization | 4.0 | All | All | All |
| Application | Oracle | Virtualization | 4.0 | All | All | All |
| Application | Redhat | Ovirt-engine | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1847420 – (CVE-2020-10775) CVE-2020-10775 ovirt-engine: Redirect to arbitrary URL allows for phishing | MISC | bugzilla.redhat.com | Issue Tracking, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.