An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1848640 | Issue Tracking Patch Vendor Advisory |
https://security.netapp.com/advisory/ntap-20210629-0007/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
History
13 May 2022, 20:47
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CPE | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:* |
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:* |
15 Jun 2021, 16:06
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
02 Jun 2021, 17:28
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1848640 - Issue Tracking, Patch, Vendor Advisory | |
CPE | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.2.1:*:*:*:advanced_virtualization:*:*:* cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
27 May 2021, 21:19
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-212 |
27 May 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-27 20:15
Updated : 2024-02-04 21:47
NVD link : CVE-2020-14301
Mitre link : CVE-2020-14301
CVE.ORG link : CVE-2020-14301
JSON object : View
Products Affected
redhat
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_tus
- enterprise_linux_server_aus
- enterprise_linux_for_power_little_endian_eus
- libvirt
- enterprise_linux
- enterprise_linux_server_update_services_for_sap_solutions
- enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
- enterprise_linux_eus
- enterprise_linux_for_power_little_endian
- codeready_linux_builder
netapp
- ontap_select_deploy_administration_utility
CWE
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer