CVE-2019-3886: An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent…

medium5.4CVSS 3.0

AVAACLPRNUINSUCLINAL

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	libvirt	< libvirt 5.0.0-2 (bookworm)	libvirt 5.0.0-2 (bookworm)
debian	libvirt	< libvirt 1.3.1-1 (bookworm)	libvirt 1.3.1-1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
msrc	cbl_mariner_1.0_arm	—	—
msrc	cbl_mariner_1.0_x64	—	—
msrc	cm1_libvirt_6.1.0-1_on_cbl_mariner_1.0	—	—
opensuse	leap	—	—
redhat	libvirt	< 1.3.1	1.3.1
redhat	libvirt	>= 0 < 5.0.0-2	5.0.0-2
redhat	libvirt	>= 0 < 1.3.1-1	1.3.1-1
redhat	libvirt	>= 0 < 5.0.0-2	5.0.0-2
redhat	libvirt	>= 0 < 1.3.1-1	1.3.1-1
redhat	libvirt	>= 0 < 5.0.0-2	5.0.0-2
redhat	libvirt	>= 0 < 1.3.1-1	1.3.1-1
redhat	libvirt	>= 0 < 5.0.0-2	5.0.0-2
redhat	libvirt	>= 0 < 1.3.1-1	1.3.1-1
redhat	libvirt	>= 4.8.0 < 5.3.0	5.3.0
the_libvirt_project	libvirt	—	—

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

nvdv3.15.4MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

osv7.5HIGH