Description
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.
An information disclosure vulnerability was found in libvirt. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw could allow a malicious user with a read-only connection to access potentially sensitive information in the domain configuration via the `dumpxml` command.
Report
Support for cookies for HTTP based disks was introduced in libvirt upstream version 6.2.0. Red Hat Enterprise Linux 5, 6, 7 and 8 are not affected by this issue, as they ship older versions of the libvirt package. Red Hat Enterprise Linux Advanced Virtualization 8 is the only affected product.
Affected packages
Platform | Package | Status | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | libvirt | Not affected | | |
Red Hat Enterprise Linux 6 | libvirt | Not affected | | |
Red Hat Enterprise Linux 7 | libvirt | Not affected | | |
Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.2/libvirt | Affected | | |
Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.3/libvirt | Affected | | |
Advanced Virtualization for RHEL 8.2.1 | virt | Fixed | RHBA-2020:3172 | 28.07.2020 |
Advanced Virtualization for RHEL 8.2.1 | virt-devel | Fixed | RHBA-2020:3172 | 28.07.2020 |
Red Hat Enterprise Linux 8 | virt-devel | Fixed | RHSA-2020:4676 | 04.11.2020 |
Red Hat Enterprise Linux 8 | virt | Fixed | RHSA-2020:4676 | 04.11.2020 |
Additional information
Status:
EPSS
6.5 Medium
CVSS3
Related vulnerabilities
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.
A vulnerability in the HTTP cookie handling of the Libvirt virtualization management library, related to improper cross-boundary removal of sensitive data, that allows an attacker to gain access to confidential data