Vulnerability Details CVE-2020-14301
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2020-14301
-
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-
-
cpe:2.3:a:redhat:codeready_linux_builder:-
-
cpe:2.3:a:redhat:libvirt:6.2.0
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4
-
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.4cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4
-
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4
-
cpe:2.3:o:redhat:enterprise_linux_tus:8.4