Vulnerability in Redhat Libvirt
CVE-2014-0028
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegist…
EPSS: 0.001 (28.0th percentile) — read the EPSS interpretation.
Affected products
- Redhat Libvirt — versions 1.1.1, 1.1.2, 1.1.3
- N/a — versions n/a
Weakness classification (CWE)
References
- USN-2093-1 (x_refsource_UBUNTU, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- 60895 (x_refsource_SECUNIA, third-party-advisory)
- GLSA-201412-04 (vendor-advisory, x_refsource_GENTOO)
- openSUSE-SU-2014:0268 (vendor-advisory, x_refsource_SUSE)
- [libvirt] 20140115 [PATCH 0/4] CVE-2014-0028: domain events vs. ACL filtering (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)