CVE-2014-0153
oVirt < 3.4.0 - Exposure of Sensitive Information via HTML5 Local Storage
Title source: llmDescription
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
References (2)
Core 2
Core References
Patch x_refsource_confirm
http://gerrit.ovirt.org/#/c/25987/
Patch, Vendor Advisory x_refsource_confirm
http://www.ovirt.org/Security_advisories
Scores
EPSS
0.0133
EPSS Percentile
67.7%
Details
CWE
CWE-200
Status
published
Products (1)
ovirt/ovirt
< 3.4.0
Published
Sep 08, 2014
Tracked Since
Feb 18, 2026