CVE-2020-14301
Description
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml command.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.49
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Hivex update (ELSA-2023-3822) hivex-1.3.18-23.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Hivex-devel update (ELSA-2023-3822) hivex-devel-1.3.18-23.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs update (ELSA-2023-3822) libguestfs-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs-appliance update (ELSA-2023-3822) libguestfs-appliance-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs-bash-completion update (ELSA-2023-3822) libguestfs-bash-completion-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.noarch.rpm | Linux |
| Libguestfs-devel update (ELSA-2023-3822) libguestfs-devel-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs-gfs2 update (ELSA-2023-3822) libguestfs-gfs2-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs-gobject update (ELSA-2023-3822) libguestfs-gobject-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs-gobject-devel update (ELSA-2023-3822) libguestfs-gobject-devel-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs-inspect-icons update (ELSA-2023-3822) libguestfs-inspect-icons-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.noarch.rpm | Linux |
| Libguestfs-java update (ELSA-2023-3822) libguestfs-java-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs-java-devel update (ELSA-2023-3822) libguestfs-java-devel-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs-javadoc update (ELSA-2023-3822) libguestfs-javadoc-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.noarch.rpm | Linux |
| Libguestfs-man-pages-ja update (ELSA-2023-3822) libguestfs-man-pages-ja-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.noarch.rpm | Linux |
| Libguestfs-man-pages-uk update (ELSA-2023-3822) libguestfs-man-pages-uk-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.noarch.rpm | Linux |
| Libguestfs-rescue update (ELSA-2023-3822) libguestfs-rescue-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs-rsync update (ELSA-2023-3822) libguestfs-rsync-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs-tools update (ELSA-2023-3822) libguestfs-tools-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.noarch.rpm | Linux |
| Libguestfs-tools-c update (ELSA-2023-3822) libguestfs-tools-c-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs-winsupport update (ELSA-2023-3822) libguestfs-winsupport-8.8-1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libguestfs-xfs update (ELSA-2023-3822) libguestfs-xfs-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libiscsi update (ELSA-2023-3822) libiscsi-1.18.0-8.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libiscsi-devel update (ELSA-2023-3822) libiscsi-devel-1.18.0-8.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libiscsi-utils update (ELSA-2023-3822) libiscsi-utils-1.18.0-8.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libnbd update (ELSA-2023-3822) libnbd-1.6.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libnbd-bash-completion update (ELSA-2023-3822) libnbd-bash-completion-1.6.0-5.module+el8.8.0+20990+60c1530a.noarch.rpm | Linux |
| Libnbd-devel update (ELSA-2023-3822) libnbd-devel-1.6.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libtpms update (ELSA-2023-3822) libtpms-0.9.1-2.20211126git1ff6fe1f43.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Libtpms-devel update (ELSA-2023-3822) libtpms-devel-0.9.1-2.20211126git1ff6fe1f43.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Libvirt update (ELSA-2023-3822) libvirt-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-client update (ELSA-2023-3822) libvirt-client-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon update (ELSA-2023-3822) libvirt-daemon-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-config-network update (ELSA-2023-3822) libvirt-daemon-config-network-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-config-nwfilter update (ELSA-2023-3822) libvirt-daemon-config-nwfilter-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-interface update (ELSA-2023-3822) libvirt-daemon-driver-interface-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-network update (ELSA-2023-3822) libvirt-daemon-driver-network-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-nodedev update (ELSA-2023-3822) libvirt-daemon-driver-nodedev-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-nwfilter update (ELSA-2023-3822) libvirt-daemon-driver-nwfilter-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-qemu update (ELSA-2023-3822) libvirt-daemon-driver-qemu-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-secret update (ELSA-2023-3822) libvirt-daemon-driver-secret-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-storage update (ELSA-2023-3822) libvirt-daemon-driver-storage-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-storage-core update (ELSA-2023-3822) libvirt-daemon-driver-storage-core-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-storage-disk update (ELSA-2023-3822) libvirt-daemon-driver-storage-disk-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-storage-gluster update (ELSA-2023-3822) libvirt-daemon-driver-storage-gluster-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-storage-iscsi update (ELSA-2023-3822) libvirt-daemon-driver-storage-iscsi-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-storage-iscsi-direct update (ELSA-2023-3822) libvirt-daemon-driver-storage-iscsi-direct-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-storage-logical update (ELSA-2023-3822) libvirt-daemon-driver-storage-logical-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-storage-mpath update (ELSA-2023-3822) libvirt-daemon-driver-storage-mpath-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-storage-rbd update (ELSA-2023-3822) libvirt-daemon-driver-storage-rbd-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-driver-storage-scsi update (ELSA-2023-3822) libvirt-daemon-driver-storage-scsi-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-daemon-kvm update (ELSA-2023-3822) libvirt-daemon-kvm-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-dbus update (ELSA-2023-3822) libvirt-dbus-1.3.0-2.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Libvirt-devel update (ELSA-2023-3822) libvirt-devel-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-docs update (ELSA-2023-3822) libvirt-docs-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-libs update (ELSA-2023-3822) libvirt-libs-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-lock-sanlock update (ELSA-2023-3822) libvirt-lock-sanlock-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-nss update (ELSA-2023-3822) libvirt-nss-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Libvirt-wireshark update (ELSA-2023-3822) libvirt-wireshark-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Lua-guestfs update (ELSA-2023-3822) lua-guestfs-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdfuse update (ELSA-2023-3822) nbdfuse-1.6.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit update (ELSA-2023-3822) nbdkit-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-bash-completion update (ELSA-2023-3822) nbdkit-bash-completion-1.24.0-5.module+el8.8.0+20990+60c1530a.noarch.rpm | Linux |
| Nbdkit-basic-filters update (ELSA-2023-3822) nbdkit-basic-filters-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-basic-plugins update (ELSA-2023-3822) nbdkit-basic-plugins-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-curl-plugin update (ELSA-2023-3822) nbdkit-curl-plugin-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-devel update (ELSA-2023-3822) nbdkit-devel-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-example-plugins update (ELSA-2023-3822) nbdkit-example-plugins-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-gzip-filter update (ELSA-2023-3822) nbdkit-gzip-filter-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-gzip-plugin update (ELSA-2023-3822) nbdkit-gzip-plugin-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-linuxdisk-plugin update (ELSA-2023-3822) nbdkit-linuxdisk-plugin-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-nbd-plugin update (ELSA-2023-3822) nbdkit-nbd-plugin-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-python-plugin update (ELSA-2023-3822) nbdkit-python-plugin-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-server update (ELSA-2023-3822) nbdkit-server-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-ssh-plugin update (ELSA-2023-3822) nbdkit-ssh-plugin-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-tar-filter update (ELSA-2023-3822) nbdkit-tar-filter-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-tar-plugin update (ELSA-2023-3822) nbdkit-tar-plugin-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-tmpdisk-plugin update (ELSA-2023-3822) nbdkit-tmpdisk-plugin-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-vddk-plugin update (ELSA-2023-3822) nbdkit-vddk-plugin-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Nbdkit-xz-filter update (ELSA-2023-3822) nbdkit-xz-filter-1.24.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Netcf update (ELSA-2023-3822) netcf-0.2.8-12.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Netcf-devel update (ELSA-2023-3822) netcf-devel-0.2.8-12.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Netcf-libs update (ELSA-2023-3822) netcf-libs-0.2.8-12.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Perl-Sys-Guestfs update (ELSA-2023-3822) perl-Sys-Guestfs-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Perl-Sys-Virt update (ELSA-2023-3822) perl-Sys-Virt-8.0.0-1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Perl-hivex update (ELSA-2023-3822) perl-hivex-1.3.18-23.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Python3-hivex update (ELSA-2023-3822) python3-hivex-1.3.18-23.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Python3-libguestfs update (ELSA-2023-3822) python3-libguestfs-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Python3-libnbd update (ELSA-2023-3822) python3-libnbd-1.6.0-5.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Python3-libvirt update (ELSA-2023-3822) python3-libvirt-8.0.0-2.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Qemu-guest-agent update (ELSA-2023-3822) qemu-guest-agent-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-img update (ELSA-2023-3822) qemu-img-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-kvm update (ELSA-2023-3822) qemu-kvm-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-kvm-block-curl update (ELSA-2023-3822) qemu-kvm-block-curl-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-kvm-block-gluster update (ELSA-2023-3822) qemu-kvm-block-gluster-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-kvm-block-iscsi update (ELSA-2023-3822) qemu-kvm-block-iscsi-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-kvm-block-rbd update (ELSA-2023-3822) qemu-kvm-block-rbd-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-kvm-block-ssh update (ELSA-2023-3822) qemu-kvm-block-ssh-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-kvm-common update (ELSA-2023-3822) qemu-kvm-common-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-kvm-core update (ELSA-2023-3822) qemu-kvm-core-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-kvm-docs update (ELSA-2023-3822) qemu-kvm-docs-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-kvm-hw-usbredir update (ELSA-2023-3822) qemu-kvm-hw-usbredir-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-kvm-ui-opengl update (ELSA-2023-3822) qemu-kvm-ui-opengl-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Qemu-kvm-ui-spice update (ELSA-2023-3822) qemu-kvm-ui-spice-6.2.0-32.module+el8.8.0+21044+01700444.x86_64.rpm | Linux |
| Ruby-hivex update (ELSA-2023-3822) ruby-hivex-1.3.18-23.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Ruby-libguestfs update (ELSA-2023-3822) ruby-libguestfs-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Seabios update (ELSA-2023-3822) seabios-1.16.0-3.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Seabios-bin update (ELSA-2023-3822) seabios-bin-1.16.0-3.module+el8.8.0+20990+60c1530a.noarch.rpm | Linux |
| Seavgabios-bin update (ELSA-2023-3822) seavgabios-bin-1.16.0-3.module+el8.8.0+20990+60c1530a.noarch.rpm | Linux |
| Sgabios update (ELSA-2023-3822) sgabios-0.20170427git-3.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Sgabios-bin update (ELSA-2023-3822) sgabios-bin-0.20170427git-3.module+el8.8.0+20990+60c1530a.noarch.rpm | Linux |
| Supermin update (ELSA-2023-3822) supermin-5.2.1-2.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Supermin-devel update (ELSA-2023-3822) supermin-devel-5.2.1-2.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Swtpm update (ELSA-2023-3822) swtpm-0.7.0-4.20211109gitb79fd91.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Swtpm-devel update (ELSA-2023-3822) swtpm-devel-0.7.0-4.20211109gitb79fd91.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Swtpm-libs update (ELSA-2023-3822) swtpm-libs-0.7.0-4.20211109gitb79fd91.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Swtpm-tools update (ELSA-2023-3822) swtpm-tools-0.7.0-4.20211109gitb79fd91.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Swtpm-tools-pkcs11 update (ELSA-2023-3822) swtpm-tools-pkcs11-0.7.0-4.20211109gitb79fd91.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Virt-dib update (ELSA-2023-3822) virt-dib-1.44.0-9.0.1.module+el8.8.0+20990+60c1530a.x86_64.rpm | Linux |
| Virt-v2v update (ELSA-2023-3822) virt-v2v-1.42.0-22.module+el8.8.0+21112+1cc1a24b.x86_64.rpm | Linux |
| Virt-v2v-bash-completion update (ELSA-2023-3822) virt-v2v-bash-completion-1.42.0-22.module+el8.8.0+21112+1cc1a24b.noarch.rpm | Linux |
| Virt-v2v-man-pages-ja update (ELSA-2023-3822) virt-v2v-man-pages-ja-1.42.0-22.module+el8.8.0+21112+1cc1a24b.noarch.rpm | Linux |
| Virt-v2v-man-pages-uk update (ELSA-2023-3822) virt-v2v-man-pages-uk-1.42.0-22.module+el8.8.0+21112+1cc1a24b.noarch.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234