The python SDK prior to 3.1.0.6 and CLI prior to 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote malicious users to spoof a server via a man-in-the-middle (MITM) attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ovirt ovirt 3.1 |
||
ovirt ovirt-engine-cli |
||
ovirt-engine-sdk 3.1.0.5 |