CVE-2019-3886
MEDIUM
libvirt >=4.8.0 <5.3.0 - Missing Authorization for Guest Agent APIs
Title source: llm
Description
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
References (7)
Core References
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/107777
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4021-1/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHBA-2019:3723
Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886
Scores
CVSS v3: 5.4
EPSS: 0.0046
EPSS Percentile: 64.4%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Details
CWE: CWE-862
Status: published
Products (4)
fedoraproject/fedora: 29
fedoraproject/fedora: 30
opensuse/leap: 42.3
redhat/libvirt: 4.8.0 - 5.3.0
Published: Apr 04, 2019
Tracked Since: Feb 18, 2026