CVE-2020-14301
published 2021-05-27CVE-2020-14301: An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvirt | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_for_ibm_z_systems | — | — |
| redhat | enterprise_linux_for_ibm_z_systems_eus | — | — |
| redhat | enterprise_linux_for_power_little_endian | — | — |
| redhat | enterprise_linux_for_power_little_endian_eus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solution | — | — |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | — | — |
| redhat | enterprise_linux_tus | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | >= 6.2.0 < 6.3.0 | 6.3.0 |