Standard user is able to fetch admin user's record and one of the linked resources(ssh keys).
Acknowledgments: Name: Martin Perina
Upstream fix: https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=d663972f8a144b283591e46693f0aa27a9f2e859
This issue has been addressed in the following products: Red Hat Virtualization Engine 4.4 Via RHSA-2021:0383 https://access.redhat.com/errata/RHSA-2021:0383
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-35497