An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1848640 | Issue Tracking Patch Vendor Advisory |
https://security.netapp.com/advisory/ntap-20210629-0007/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Information
Published : 2021-05-27 13:15
Updated : 2022-05-13 13:47
NVD link : CVE-2020-14301
Mitre link : CVE-2020-14301
JSON object : View
CWE
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
Products Affected
redhat
- enterprise_linux_for_power_little_endian
- enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
- enterprise_linux_server_aus
- enterprise_linux
- enterprise_linux_for_ibm_z_systems
- codeready_linux_builder
- libvirt
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_server_update_services_for_sap_solutions
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_tus
- enterprise_linux_eus
netapp
- ontap_select_deploy_administration_utility