libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | libvirt | < 2.2.0-1 | libvirt_2.2.0-1_all.deb |
Debian | 11 | all | libvirt | < 2.2.0-1 | libvirt_2.2.0-1_all.deb |
Debian | 10 | all | libvirt | < 2.2.0-1 | libvirt_2.2.0-1_all.deb |
Debian | 999 | all | libvirt | < 2.2.0-1 | libvirt_2.2.0-1_all.deb |
Debian | 13 | all | libvirt | < 2.2.0-1 | libvirt_2.2.0-1_all.deb |