CVE-2020-10775
Advisory lineage Upstream: 0 Downstream: 1
Downstream
Modified
Published: 24 Aug 2020, 16:13
Last modified:04 Aug 2024, 11:14
Vulnerability Summary
Overall Risk (default)
low
21/100 CVSS Score
5.3 MEDIUM
v3.1 (nvd)
EPSS Score
0.41% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
24 Aug 2020, 16:13
Published
Vulnerability first disclosed
04 Aug 2024, 11:14
Last Modified
Vulnerability information updated
Description
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
- v2.0•LOW•Score: 2.6AV:N/AC:H/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.41%• Percentile: 62%
Techniques & Countermeasures
- CWE-601•URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
- CWE-451•User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
Affected Systems
- oracle•virtualization
4.0
- redhat•ovirt-engine
≤ 4.4