CVE-2020-10775

CWE-451 CWE-601 — Open Redirect5 documents5 sources

Severity

5.3MEDIUM

EPSS

0.4%

top 38.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Ovirt-engine Oracle Virtualization

Timeline

PublishedAug 24

Latest updateMay 24

Description

An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages3 packages

▶NVDredhat/ovirt-engine4.4

▶CVEListV5ovirt-engineovirt-engine versions before 4.4.2

▶NVDoracle/virtualization4.0

🔴Vulnerability Details

GHSA

GHSA-7wqr-p83r-v6rj: An Open redirect vulnerability was found in ovirt-engine versions 4↗2022-05-24

▶

CVEList

CVE-2020-10775: An Open redirect vulnerability was found in ovirt-engine versions 4↗2020-08-24

▶

📋Vendor Advisories

Red Hat

ovirt-engine: Redirect to arbitrary URL allows for phishing↗2020-08-04

▶

💬Community

Bugzilla

CVE-2020-10775 ovirt-engine: Redirect to arbitrary URL allows for phishing↗2020-06-16

▶