libvirt 1.1.1 up to and including 1.2.0 allows context-dependent malicious users to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat libvirt 1.1.2 |
||
redhat libvirt 1.1.4 |
||
redhat libvirt 1.1.1 |
||
redhat libvirt 1.1.3 |
||
redhat libvirt 1.2.0 |