Description

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

Related CPE's

a

redhat

libvirt

Vulnerable

o

redhat

enterprise_linux

2

o

redhat

enterprise_linux_eus

2

o

redhat

enterprise_linux_for_ibm_z_systems

2

o

redhat

enterprise_linux_for_ibm_z_systems_eus

2

o

redhat

enterprise_linux_for_power_little_endian

2

o

redhat

enterprise_linux_for_power_little_endian_eus

2

o

redhat

enterprise_linux_server_aus

8.4

Vulnerable

o

redhat

enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

8.4

Vulnerable

o

redhat

enterprise_linux_server_update_services_for_sap_solutions

8.4

Vulnerable

o

redhat

enterprise_linux_tus

8.4

Vulnerable

a

netapp

ontap_select_deploy_administration_utility

-

Vulnerable

a

redhat

codeready_linux_builder

-

Vulnerable

References

https://bugzilla.redhat.com/show_bug.cgi?id=1848640

Issue TrackingPatchVendor Advisory

https://security.netapp.com/advisory/ntap-20210629-0007/

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-212

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-05-27T20:15:07.727

4 years ago

Last modified

2022-05-13T20:47:52.537

3 years ago