CVE-2020-14301

EPSS 0.35%
Veröffentlicht 27.05.2021 20:15:07
Zuletzt bearbeitet 21.11.2024 05:02:57
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Libvirt Version >= 6.2.0 < 6.3.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.4

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.4

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.4

Redhat ≫ Enterprise Linux Tus Version8.4

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Redhat ≫ Codeready Linux Builder Version-

   Redhat ≫ Enterprise Linux Version8.0
   Redhat ≫ Enterprise Linux Eus Version8.4
   Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0
   Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.4
   Redhat ≫ Enterprise Linux For Power Little Endian Version8.0
   Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.569

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

https://bugzilla.redhat.com/show_bug.cgi?id=1848640

Patch

Vendor Advisory

Issue Tracking

https://security.netapp.com/advisory/ntap-20210629-0007/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-14301

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14301

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14301

EUVD