An information disclosure vulnerability was found in libvirt versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. Such cookies can act as access credentials for the server hosting the disk image, so anyone able to read the dump may be able to reuse them. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml command.
{
"unresolved_ranges": [
{
"vendor_product": "redhat:enterprise_linux",
"extracted_events": [
{
"last_affected": "8.0"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"vendor_product": "redhat:enterprise_linux_eus",
"extracted_events": [
{
"last_affected": "8.4"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"vendor_product": "redhat:enterprise_linux_for_ibm_z_systems",
"extracted_events": [
{
"last_affected": "8.0"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"vendor_product": "redhat:enterprise_linux_for_ibm_z_systems_eus",
"extracted_events": [
{
"last_affected": "8.4"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"vendor_product": "redhat:enterprise_linux_for_power_little_endian",
"extracted_events": [
{
"last_affected": "8.0"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"vendor_product": "redhat:enterprise_linux_for_power_little_endian_eus",
"extracted_events": [
{
"last_affected": "8.4"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"vendor_product": "redhat:enterprise_linux_server_aus",
"extracted_events": [
{
"last_affected": "8.4"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"vendor_product": "redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions",
"extracted_events": [
{
"last_affected": "8.4"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"vendor_product": "redhat:enterprise_linux_server_update_services_for_sap_solutions",
"extracted_events": [
{
"last_affected": "8.4"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"vendor_product": "redhat:enterprise_linux_tus",
"extracted_events": [
{
"last_affected": "8.4"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
}
]
}