Main Vulnerability Database Vulnerabilities #VU18847

Permissions, Privileges, and Access Controls in libvirt - CVE-2019-3886

Published: June 19, 2019

Vulnerability identifier: #VU18847

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-3886

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: libvirt.org

Affected software:
libvirt

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information or perform denial of service (DoS) attack.

The vulnerability exists due to the application allows readonly permissions to invoke the APIs depending on the guest agent. A remote non-authenticated attacker can gain access to sensitive information or perform denial of service attack.

How to mitigate CVE-2019-3886

Install updates from vendor's website.

Sources

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html
http://www.securityfocus.com/bid/107777
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886

Permissions, Privileges, and Access Controls in libvirt - CVE-2019-3886

Detailed vulnerability description

How to mitigate CVE-2019-3886

Sources

Please verify you're human