CVE-2020-23793

Published: Aug 22, 2023Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects.

Affected (1)

Products: Spice Space: Spice Server

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Spice Space Spice Server	Version 0.14.0-6el7_6.1

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://github.com/zelat/spice-security-issues

Source: cve@mitre.org

Exploit

https://github.com/zelat/spice-security-issues

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.