An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/107777 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHBA-2019:3723 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/ | |
https://usn.ubuntu.com/4021-1/ | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-04-04 16:29
Updated : 2024-02-28 17:08
NVD link : CVE-2019-3886
Mitre link : CVE-2019-3886
CVE.ORG link : CVE-2019-3886
JSON object : View
Products Affected
opensuse
- leap
fedoraproject
- fedora
redhat
- libvirt
CWE
CWE-862
Missing Authorization