An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/107777 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHBA-2019:3723 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/ | |
https://usn.ubuntu.com/4021-1/ | Third Party Advisory |
Configurations
History
12 Feb 2023, 23:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. |
02 Feb 2023, 21:18
Type | Values Removed | Values Added |
---|---|---|
Summary | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block. | |
References |
|
|
10 Nov 2022, 04:30
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject
Fedoraproject fedora |
02 Nov 2021, 20:18
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-862 |
Information
Published : 2019-04-04 16:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-3886
Mitre link : CVE-2019-3886
CVE.ORG link : CVE-2019-3886
JSON object : View
Products Affected
opensuse
- leap
redhat
- libvirt
fedoraproject
- fedora
CWE
CWE-862
Missing Authorization