Information Disclosure Vulnerability in libvirt: Exposing HTTP Cookies in XML Dump

Information Disclosure Vulnerability in libvirt: Exposing HTTP Cookies in XML Dump

CVE-2020-14301 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

Learn more about our Network Penetration Testing.