QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-3886

Back to search

CVE-2019-3886

Published: Apr 4, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

5.4

MEDIUM

Description

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

VendorProductVersions

The libvirt Project

libvirt

affected
4.8.0 and above

Weaknesses (CWE)

CWE-862

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

References

107777
vdb-entry
openSUSE-SU-2019:1294
vendor-advisory
USN-4021-1
vendor-advisory
FEDORA-2019-b2dfb13daf
vendor-advisory
FEDORA-2019-9210998aaa
vendor-advisory
RHBA-2019:3723
vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now