← Back

CVE-2019-3886

nvd nist
Published: Apr 4, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Exploitability: 2.8 / Impact: 2.5
Source: NVD

Description

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

Affected (4)

Redhat
1 product
Libvirt
Opensuse
1 product
Leap
Fedoraproject
1 product
Fedora
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Libvirt
From 4.8.0 to 5.3.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Leap
Version 42.3
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 29
Fedora
Version 30

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (14)

Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
ExploitIssue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.