CVE-2020-14301

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-14301

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14301.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-14301

Related

Published

2021-05-27T20:15:07Z

Modified

2024-09-03T03:17:09.418907Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml command.

References

Affected packages

Git / github.com/libvirt/libvirt

Affected ranges

Type: GIT
Repo: https://github.com/libvirt/libvirt
Events: Introduced

07bb8ff4dd0ca0224754c582390f4a873597c4b9

Fixed

e8aa9f0dfcae0ced905e08dd3b1a9047c808cca7

Affected versions

v6.*

v6.2.0

v6.3.0-rc1