CVE-2014-0153

oVirt < 3.4.0 - Exposure of Sensitive Information via HTML5 Local Storage

Title source: llm
STIX 2.1

Description

The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.

References (2)

Core 2
Core References
Patch x_refsource_confirm
http://gerrit.ovirt.org/#/c/25987/
Patch, Vendor Advisory x_refsource_confirm
http://www.ovirt.org/Security_advisories

Scores

EPSS 0.0133
EPSS Percentile 67.7%

Details

CWE
CWE-200
Status published
Products (1)
ovirt/ovirt < 3.4.0
Published Sep 08, 2014
Tracked Since Feb 18, 2026