Description


An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

Related CPE's


Vulnerable

o

redhat

enterprise_linux

2

o

redhat

enterprise_linux_eus

2

o

redhat

enterprise_linux_for_ibm_z_systems

2

o

redhat

enterprise_linux_for_ibm_z_systems_eus

2

o

redhat

enterprise_linux_for_power_little_endian

2

o

redhat

enterprise_linux_for_power_little_endian_eus

2






Weaknesses



CWE-212

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-05-27T20:15:07.727

4 years ago

Last modified

2022-05-13T20:47:52.537

3 years ago