An authentication bypass vulnerability was found in overt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.
https://github.com/oVirt/ovirt-engine/pull/914
https://bugzilla.redhat.com/show_bug.cgi?id=2258509