ALT-PU-2020-1938-1
Closed vulnerabilities
Published: 2020-06-17
BDU:2021-04593
Уязвимость файлов cookie HTTP библиотеки управления виртуализацией Libvirt, связанная с неправильным межграничным удалением критичных данных, позволяющая нарушителю получить доступ к конфиденциальным данным
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2021-05-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-14301
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References: