Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-14301

Опубликовано: 27 мая 2021
Источник: nvd
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml command.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
Версия от 6.2.0 (включая) до 6.3.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*

EPSS

Процентиль: 50%
0.00264
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-212

Связанные уязвимости

ubuntu логотип

CVE-2020-14301

CVSS3: 6.5
ubuntu
около 4 лет назад

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

redhat логотип

CVE-2020-14301

CVSS3: 6.5
redhat
больше 5 лет назад

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

debian логотип

CVE-2020-14301

CVSS3: 6.5
debian
около 4 лет назад

An information disclosure vulnerability was found in libvirt in versio ...

github логотип

GHSA-5qrf-45p7-8vrc

CVSS3: 6.5
github
около 3 лет назад

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

fstec логотип

BDU:2021-04593

CVSS3: 6.5
fstec
около 5 лет назад

Уязвимость файлов cookie HTTP библиотеки управления виртуализацией Libvirt, связанная с неправильным межграничным удалением критичных данных, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 50%
0.00264
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-212