CVE-2020-14301

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-14301
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14301.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-14301
Downstream
Related
Published
2021-05-27T20:15:07.727Z
Modified
2026-03-14T10:12:23.860245Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml command.

References

Affected packages

Git / github.com/libvirt/libvirt

Affected ranges

Type
GIT
Repo
https://github.com/libvirt/libvirt
Events
Introduced
07bb8ff4dd0ca0224754c582390f4a873597c4b9
Fixed
e8aa9f0dfcae0ced905e08dd3b1a9047c808cca7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5f6025945bf0f98debcd4ad8cf064e9cadca1cc9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0c92b0842630a112c547e030f7f6a48033eccb16
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5f6025945bf0f98debcd4ad8cf064e9cadca1cc9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0c92b0842630a112c547e030f7f6a48033eccb16
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5f6025945bf0f98debcd4ad8cf064e9cadca1cc9
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0c92b0842630a112c547e030f7f6a48033eccb16
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0c92b0842630a112c547e030f7f6a48033eccb16
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0c92b0842630a112c547e030f7f6a48033eccb16
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0c92b0842630a112c547e030f7f6a48033eccb16
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0c92b0842630a112c547e030f7f6a48033eccb16
Database specific 
{
    "versions": [
        {
            "introduced": "6.2.0"
        },
        {
            "fixed": "6.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.4"
        }
    ]
}

Affected versions

v6.*
v6.2.0
v6.3.0-rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14301.json"