CVE-2019-3886

MEDIUM

Description

An incorrect permissions check was discovered in libvirt 4.8.0 and above. Clients with only the readonly permission were allowed to invoke APIs that depend on the guest agent, which could disclose unintended information or cause a denial of service by making libvirt block.

References

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html

http://www.securityfocus.com/bid/107777

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886

https://lists.fedoraproject.org/archives/list/[email protected]/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/

https://lists.fedoraproject.org/archives/list/[email protected]/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/

https://usn.ubuntu.com/4021-1/

Details

Source: MITRE

Published: 2019-04-04

Updated: 2019-06-19

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 4.8

Vector: AV:A/AC:L/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 6.5

Severity: MEDIUM

CVSS v3.0

Base Score: 5.4

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Impact Score: 2.5

Exploitability Score: 2.8

Severity: MEDIUM