ALT-PU-2020-1938-1

Package update libvirt in branch sisyphus

Version6.3.0-alt1

Published2020-05-08

Max severityMEDIUM

Severity:

Closed issues (2)

MEDIUM6.5

Уязвимость файлов cookie HTTP библиотеки управления виртуализацией Libvirt, связанная с неправильным межграничным удалением критичных данных, позволяющая нарушителю получить доступ к конфиденциальным данным

Published: 2021-09-20Modified: 2022-10-18

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N

References

CVE-2020-14301

MEDIUM6.5

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

Published: 2021-05-27Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References