Bug 1684978 (CVE-2019-3879)
| Summary: | CVE-2019-3879 ovirt-engine: Missing permissions check in web ui allows a user with basic privileges to delete disks | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Doran Moppert <dmoppert> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | ON_QA --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | bmcclain, eedri, lsvaty, michal.skrivanek, obockows, sherold |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | ovirt-engine 4.3.2.1 | Doc Type: | If docs needed, set a value |
| Doc Text: |
It was discovered that in the ovirt REST API, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges (e.g. Basic Operations) could exploit this flaw to delete disks attached to guests.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1642872, 1692380 | ||
| Bug Blocks: | 1679052 | ||
|
Description
Doran Moppert
2019-03-04 04:09:00 UTC
Upstream fix: https://gerrit.ovirt.org/#/c/98153/ (In reply to Doran Moppert from comment #2) > Upstream fix: > > https://gerrit.ovirt.org/#/c/98153/ $ git tag --contains b6840a6c6221470c31e5f4d9f718239a9d44149d ovirt-engine-4.3.2.1 ovirt-engine-4.3.3 ovirt-engine-4.3.3.1 ovirt-engine-4.3.3.2 ovirt-engine-4.3.3.3 ovirt-engine-4.3.3.4 ovirt-engine-4.3.3.5 ovirt-engine-4.3.3.6 This issue was addressed in the following erratum for Red Hat Virtualization 4.2: https://access.redhat.com/errata/RHBA-2019:0802 |