5

CVE-2014-7823

The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatLibvirt Version <= 1.2.10
RedhatLibvirt Version1.2.0
RedhatLibvirt Version1.2.1
RedhatLibvirt Version1.2.2
RedhatLibvirt Version1.2.3
RedhatLibvirt Version1.2.4
RedhatLibvirt Version1.2.5
RedhatLibvirt Version1.2.6
RedhatLibvirt Version1.2.7
RedhatLibvirt Version1.2.8
RedhatLibvirt Version1.2.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.91% 0.77
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/60895
http://security.gentoo.org/glsa/glsa-201412-04.xml
http://secunia.com/advisories/62303
http://www.ubuntu.com/usn/USN-2404-1
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html
http://secunia.com/advisories/60010
http://secunia.com/advisories/62058
http://security.libvirt.org/2014/0007.html
Patch
Vendor Advisory