Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-10161

Опубликовано: 30 июл. 2019
Источник: nvd
CVSS3: 8.8
CVSS3: 7.8
CVSS2: 7.2
EPSS Низкий

Описание

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
Версия до 4.10.1 (исключая)
cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
Версия от 5.0.0 (включая) до 5.4.1 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

EPSS

Процентиль: 23%
0.00073
Низкий

8.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-284
CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2019-10161

CVSS3: 7.8
ubuntu
почти 6 лет назад

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

redhat логотип

CVE-2019-10161

CVSS3: 8.8
redhat
около 6 лет назад

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

debian логотип

CVE-2019-10161

CVSS3: 7.8
debian
почти 6 лет назад

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would ...

suse-cvrf логотип

SUSE-SU-2019:1690-1

suse-cvrf
почти 6 лет назад

Security update for libvirt

suse-cvrf логотип

SUSE-SU-2019:14100-1

suse-cvrf
около 6 лет назад

Security update for libvirt

EPSS

Процентиль: 23%
0.00073
Низкий

8.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-284
CWE-22