Описание
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libvirt | Will not fix | ||
| Red Hat Enterprise Linux 6 | libvirt | Will not fix | ||
| Red Hat Enterprise Linux 7 | libvirt | Will not fix | ||
| Red Hat Enterprise Virtualization 3 | mingw-virt-viewer | Will not fix | ||
| Red Hat Storage 3 | libvirt | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=1503658libvirt: TLS certificate verification disabled for clients
EPSS
Процентиль: 74%
0.00866
Низкий
5 Medium
CVSS3
Связанные уязвимости
CVSS3: 8.1
ubuntu
почти 8 лет назад
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
CVSS3: 8.1
nvd
почти 8 лет назад
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
CVSS3: 8.1
debian
почти 8 лет назад
libvirt version 2.3.0 and later is vulnerable to a bad default configu ...
EPSS
Процентиль: 74%
0.00866
Низкий
5 Medium
CVSS3