Bug 1866688
Summary: | CVE-2020-10775 ovirt-engine: Redirect to arbitrary URL allows for phishing | ||
---|---|---|---|
Product: | [oVirt] ovirt-engine | Reporter: | Stoyan Nikolov <snikolov> |
Component: | AAA | Assignee: | Artur Socha <asocha> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Lucie Leistnerova <lleistne> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 4.4.1 | CC: | bugs, lleistne, mperina |
Target Milestone: | ovirt-4.4.2 | Flags: | pm-rhel: ovirt-4.4+ |
Target Release: | 4.4.2.3 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | rhv-4.4.2-3, ovirt-engine-4.4.2.3 | Doc Type: | No Doc Update |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2020-09-18 07:12:56 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1847420 |
Description
Stoyan Nikolov
2020-08-06 06:46:35 UTC
user logs in and error is printed - app_url domain differs from SSO_ENGINE_URL or SSO_ALTERNATE_ENGINE_FQDN domains

verified in ovirt-engine-4.4.2.3-0.6.el8ev.noarch

This bugzilla is included in oVirt 4.4.2 release, published on September 17th 2020. Since the problem described in this bug report should be resolved in oVirt 4.4.2 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.
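
The verification note above quotes the error printed when the `app_url` host is not one of the configured engine hosts. A sketch of that kind of redirect-target check follows, as an added example that is not oVirt's code: the function names, the sample host names and the assumed formats of `SSO_ENGINE_URL` (one URL) and `SSO_ALTERNATE_ENGINE_FQDN` (space-separated FQDNs) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample configuration. The two setting names come from the error
# text in the bug; their formats (one URL, a space-separated list) are assumed.
SSO_ENGINE_URL = "https://engine.example.com:443/ovirt-engine"
SSO_ALTERNATE_ENGINE_FQDN = "engine-alt.example.com rhvm.example.com"


def allowed_hosts(engine_url, alternate_fqdns):
    """Build the set of lower-cased host names a redirect may point to."""
    hosts = {urlsplit(engine_url).hostname.lower()}
    hosts.update(h.lower().rstrip(".") for h in alternate_fqdns.split())
    return hosts


def validate_app_url(app_url, hosts):
    """Return app_url if its host is allow-listed, else raise ValueError."""
    # Browsers treat "\" like "/" and drop control characters, so reject both
    # up front instead of guessing how the client will normalise them.
    if "\\" in app_url or any(ord(c) < 0x21 or ord(c) == 0x7F for c in app_url):
        raise ValueError("app_url contains characters that are not allowed")
    parts = urlsplit(app_url)
    # Scheme-less ("//host/...") and non-web schemes never reach the host check.
    if parts.scheme not in ("http", "https"):
        raise ValueError("app_url must be an absolute http(s) URL")
    # .hostname excludes userinfo and port, so text placed before an "@"
    # cannot stand in for the real destination host.
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in hosts:  # exact match only: no prefix, suffix or substring test
        raise ValueError("app_url domain differs from SSO_ENGINE_URL or "
                         "SSO_ALTERNATE_ENGINE_FQDN domains")
    return app_url


def is_allowed(app_url, hosts):
    """Boolean wrapper for callers that only need a yes/no answer."""
    try:
        validate_app_url(app_url, hosts)
        return True
    except ValueError:
        return False
```

Comparing the parsed host for exact equality is what separates this from a string `startswith` or `in` test on the raw URL, which look-alike hosts and userinfo prefixes pass.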