An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/107777 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHBA-2019:3723 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/ | |
https://usn.ubuntu.com/4021-1/ | Third Party Advisory |
Configurations
History
10 Nov 2022, 04:30
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* |
02 Nov 2021, 20:18
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 |
Information
Published : 2019-04-04 16:29
Updated : 2024-02-04 20:20
NVD link : CVE-2019-3886
Mitre link : CVE-2019-3886
CVE.ORG link : CVE-2019-3886
JSON object : View
Products Affected
redhat
- libvirt
fedoraproject
- fedora
opensuse
- leap
CWE
CWE-862
Missing Authorization