CVE-2020-14301

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-14301
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14301.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-14301
Related
Published
2021-05-27T20:15:07Z
Modified
2024-10-12T06:01:51.945116Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml command.

References

Affected packages

Git / github.com/libvirt/libvirt

Affected ranges

Type
GIT
Repo
https://github.com/libvirt/libvirt
Events

Affected versions

v6.*

v6.2.0
v6.3.0-rc1