Lucene search

Alpine Linux Development TeamALPINE:CVE-2020-14301

HistoryMay 27, 2021 - 8:15 p.m.

CVE-2020-14301

2021-05-2720:15:00

Alpine Linux Development Team

security.alpinelinux.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml command.

OSVersionArchitecturePackageVersionFilename
Alpine3.11-mainnoarchlibvirt= 5.9.0-r2UNKNOWN
Alpine3.10-mainnoarchlibvirt= 5.5.0-r2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.11-main	noarch	libvirt	= 5.9.0-r2	UNKNOWN
Alpine	3.10-main	noarch	libvirt	= 5.5.0-r2	UNKNOWN

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for ALPINE:CVE-2020-14301