[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-0028Date: (C)2014-01-28   (M)2023-12-22


libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 5.5
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-60895
GLSA-201412-04
USN-2093-1
https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html
http://libvirt.org/news.html
https://bugzilla.redhat.com/show_bug.cgi?id=1048637
openSUSE-SU-2014:0268

CPE    5
cpe:/a:redhat:libvirt:1.1.4
cpe:/a:redhat:libvirt:1.2.0
cpe:/a:redhat:libvirt:1.1.1
cpe:/a:redhat:libvirt:1.1.2
...
CWE    1
CWE-264
OVAL    6
oval:org.secpod.oval:def:106486
oval:org.secpod.oval:def:26410
oval:org.secpod.oval:def:106315
oval:org.secpod.oval:def:107962
...

© SecPod Technologies