CVE-2020-14301

MEDIUM

Redhat Libvirt < 6.3.0 - Information Disclosure

Title source: rule

Description

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

References (2)

[Issue Tracking, Patch, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1848640

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20210629-0007/

Scores

CVSS v3 6.5

EPSS 0.0049

EPSS Percentile 65.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-212

Status published

Products (13)

netapp/ontap_select_deploy_administration_utility

redhat/codeready_linux_builder

redhat/enterprise_linux 8.0

redhat/enterprise_linux_eus 8.4

redhat/enterprise_linux_for_ibm_z_systems 8.0

redhat/enterprise_linux_for_ibm_z_systems_eus 8.4

redhat/enterprise_linux_for_power_little_endian 8.0

redhat/enterprise_linux_for_power_little_endian_eus 8.4

redhat/enterprise_linux_server_aus 8.4

redhat/enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4

... and 3 more

Published May 27, 2021

Tracked Since Feb 18, 2026