Description
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.
Related CPE's
o
redhat
enterprise_linux
o
redhat
enterprise_linux_eus
o
redhat
enterprise_linux_for_ibm_z_systems
o
redhat
enterprise_linux_for_ibm_z_systems_eus
o
redhat
enterprise_linux_for_power_little_endian
o
redhat
enterprise_linux_for_power_little_endian_eus
References
https://bugzilla.redhat.com/show_bug.cgi?id=1848640
https://security.netapp.com/advisory/ntap-20210629-0007/
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-05-27T20:15:07.727
4 years agoLast modified
2022-05-13T20:47:52.537
3 years ago