CVE & CISA-KEV Catalog

CVE-2024-0822

Severity: HIGH, 7.5 (CVSS v3, NVD)

Description

An authentication bypass vulnerability was found in ovirt-engine. A flaw in the CreateUserSession command allows users to be created in the system without authentication.

How to fix

Remediation Available
ovirt-engine (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-backend (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-backend (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-dbscripts (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-dbscripts (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-health-check-bundler (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-health-check-bundler (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-restapi (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-restapi (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-base (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-base (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-plugin-cinderlib (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-plugin-cinderlib (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-plugin-imageio (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-plugin-imageio (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-plugin-ovirt-engine (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-plugin-ovirt-engine (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-plugin-ovirt-engine-common (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-plugin-ovirt-engine-common (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-plugin-vmconsole-proxy-helper (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-plugin-vmconsole-proxy-helper (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-plugin-websocket-proxy (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-setup-plugin-websocket-proxy (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-tools (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-tools (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-tools-backup (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-tools-backup (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-vmconsole-proxy-helper (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-vmconsole-proxy-helper (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-webadmin-portal (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-webadmin-portal (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-websocket-proxy (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
ovirt-engine-websocket-proxy (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
python3-ovirt-engine-lib (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
python3-ovirt-engine-lib (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
rhvm (Red Hat / RHEL): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)
rhvm (Rocky): Fixed in 0:4.5.3.10-1.el8ev (RHSA-2024:0934)

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Impact

Confidentiality: None
Integrity: High
Availability: None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploit Intelligence

0.71% probability of exploitation in 30 days
49th percentile

Moderate risk: more likely to be exploited than 49% of all known CVEs.


This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.