An information disclosure vulnerability was found in libvirt in versions prior to 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an malicious user to access potentially sensitive information in the domain configuration via the `dumpxml` command.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
redhat libvirt |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux tus 8.4 |
||
redhat enterprise linux eus 8.4 |
||
redhat enterprise linux server aus 8.4 |
||
redhat enterprise linux server update services for sap solutions 8.4 |
||
redhat enterprise linux for power little endian 8.0 |
||
redhat enterprise linux for ibm z systems eus 8.4 |
||
redhat enterprise linux for ibm z systems 8.0 |
||
redhat enterprise linux for power little endian eus 8.4 |
||
redhat enterprise linux server for power little endian update services for sap solutions 8.4 |
||
netapp ontap select deploy administration utility - |
||
redhat codeready_linux_builder - |
Vulmon