{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-01T00:00:00", "descriptions": [{"lang": "en", "value": "The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-30T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "62058", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62058"}, {"name": "60895", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60895"}, {"name": "GLSA-201412-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"name": "62303", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62303"}, {"name": "USN-2404-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2404-1"}, {"name": "openSUSE-SU-2014:1471", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html"}, {"name": "60010", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60010"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://security.libvirt.org/2014/0007.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:03:27.067Z"}, "title": "CVE Program Container", "references": [{"name": "62058", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62058"}, {"name": "60895", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60895"}, {"name": "GLSA-201412-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"name": "62303", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62303"}, {"name": "USN-2404-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2404-1"}, {"name": "openSUSE-SU-2014:1471", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html"}, {"name": "60010", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60010"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://security.libvirt.org/2014/0007.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-7823", "datePublished": "2014-11-13T15:00:00", "dateReserved": "2014-10-03T00:00:00", "dateUpdated": "2024-08-06T13:03:27.067Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*", "matchCriteriaId": "111BBE4C-22D8-45AB-B477-A9E234CD0EA0", "versionEndIncluding": "1.2.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA9572AC-1D6D-4AA1-AEF0-CB9143F38215", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D6B6D6F-6CD3-43C3-B1EC-18DEC89DFDA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "BF21D58D-6952-4C72-94C3-32421499AFCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "83403472-4883-4914-846A-3C3E912C5573", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "00DF70BC-8C33-4B01-9BF7-4D260E68DBAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF1A5E-E1FD-4D28-B90A-86D78ABE3F58", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "49568634-FD82-43E0-B60F-28896999CF48", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "EC1E4E78-937D-4BF1-B45E-74B24A02C97D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "E80222EC-EA2E-444B-A51C-0287055A598C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag."}, {"lang": "es", "value": "El virDomainGetXMLDesc API en Libvirt en versiones anteriores a 1.2.11 permite a usuarios remotos de solo lectura obtener la contrase\u00f1a VNC utilizando el marcador VIR_DOMAIN_XML_MIGRATABLE, lo que desencadena el uso del marcador VIR_DOMAIN_XML_SECURE."}], "id": "CVE-2014-7823", "lastModified": "2024-11-21T02:18:04.920", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-13T21:32:04.547", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60010"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/60895"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62058"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62303"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://security.libvirt.org/2014/0007.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.ubuntu.com/usn/USN-2404-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60010"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60895"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62058"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62303"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://security.libvirt.org/2014/0007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ubuntu.com/usn/USN-2404-1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Eric Blake (Red Hat).", "affected_release": [{"advisory": "RHSA-2014:1873", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libvirt-0:0.10.2-46.el6_6.2", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-11-18T00:00:00Z"}, {"advisory": "RHSA-2015:0008", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libvirt-0:1.1.1-29.el7_0.4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-01-05T00:00:00Z"}], "bugzilla": {"description": "libvirt: dumpxml: information leak with migratable flag", "id": "1160817", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1160817"}, "csaw": false, "cvss": {"cvss_base_score": "3.3", "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.", "It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak certain limited information from the domain XML data."], "name": "CVE-2014-7823", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "libvirt", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Under investigation", "package_name": "libvirt", "product_name": "Red Hat Storage 2.1"}], "public_date": "2014-11-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-7823\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7823"], "statement": "This issue does not affect the versions of libvirt packages as shipped with\nRed Hat Enterprise Linux 5.\nThis issue does affect the versions of libvirt packages as shipped with Red Hat\nEnterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.", "threat_severity": "Low"}