libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat libvirt |
||
debian debian linux 9.0 |