Daniel Erez of Red Hat reports: RHEV's MLA system allows users with the MANIPULATE_STORAGE_DOMAIN permissions to attach a storage domain to an initialized data-center, the permissions check is being only made against the storage domain and not the data-center allowing faulty storage domains for example to be attached causing a DoS.
Statement: This issue affects the versions of ovirt-engine-backend as shipped with Red Hat Enterprise Virtualization 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.