CVE-2014-0028
published 2014-01-24CVE-2014-0028: libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain…
medium4.3CVSS 3.1
AVAACMAuNCPINAP
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvirt | < libvirt 1.2.1-1 (bookworm) | libvirt 1.2.1-1 (bookworm) |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | >= 0 < 1.2.1-1 | 1.2.1-1 |
| redhat | libvirt | >= 0 < 1.2.1-1 | 1.2.1-1 |
| redhat | libvirt | >= 0 < 1.2.1-1 | 1.2.1-1 |
| redhat | libvirt | >= 0 < 1.2.1-1 | 1.2.1-1 |
CVSS provenance
nvd4.3MEDIUMAV:A/AC:M/Au:N/C:P/I:N/A:P
osv4.3MEDIUM