Information disclosure

2021-05-2720:15:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml command.

CPENameOperatorVersion
enterprise_linuxeq8.0
enterprise_linux_euseq8.4
enterprise_linux_for_ibm_z_systemseq8.0
enterprise_linux_for_ibm_z_systems_euseq8.4
enterprise_linux_for_power_little_endianeq8.0
enterprise_linux_for_power_little_endian_euseq8.4
enterprise_linux_server_auseq8.4
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionseq8.4
enterprise_linux_server_update_services_for_sap_solutionseq8.4
enterprise_linux_tuseq8.4

Name	Operator	Version
enterprise_linux	eq	8.0
enterprise_linux_eus	eq	8.4
enterprise_linux_for_ibm_z_systems	eq	8.0
enterprise_linux_for_ibm_z_systems_eus	eq	8.4
enterprise_linux_for_power_little_endian	eq	8.0
enterprise_linux_for_power_little_endian_eus	eq	8.4
enterprise_linux_server_aus	eq	8.4
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	eq	8.4
enterprise_linux_server_update_services_for_sap_solutions	eq	8.4
enterprise_linux_tus	eq	8.4