Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2015-0888.html | Vendor Advisory |
http://www.securitytracker.com/id/1032231 |
Configurations
History
12 Feb 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain. |
02 Feb 2023, 20:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service. |
Information
Published : 2015-05-01 15:59
Updated : 2023-12-10 11:31
NVD link : CVE-2015-0237
Mitre link : CVE-2015-0237
CVE.ORG link : CVE-2015-0237
JSON object : View
Products Affected
redhat
- enterprise_virtualization_manager
CWE
CWE-264
Permissions, Privileges, and Access Controls