CVE-2014-7823

The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html
http://secunia.com/advisories/60010
http://secunia.com/advisories/60895
http://secunia.com/advisories/62058
http://secunia.com/advisories/62303
http://security.gentoo.org/glsa/glsa-201412-04.xml
http://security.libvirt.org/2014/0007.html	Patch Vendor Advisory
http://www.ubuntu.com/usn/USN-2404-1	Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html
http://secunia.com/advisories/60010
http://secunia.com/advisories/60895
http://secunia.com/advisories/62058
http://secunia.com/advisories/62303
http://security.gentoo.org/glsa/glsa-201412-04.xml
http://security.libvirt.org/2014/0007.html	Patch Vendor Advisory
http://www.ubuntu.com/usn/USN-2404-1	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:libvirt::::::::
	cpe:2.3:a:redhat:libvirt:1.2.0:::::::*
	cpe:2.3:a:redhat:libvirt:1.2.1:::::::*
	cpe:2.3:a:redhat:libvirt:1.2.2:::::::*
	cpe:2.3:a:redhat:libvirt:1.2.3:::::::*
	cpe:2.3:a:redhat:libvirt:1.2.4:::::::*
	cpe:2.3:a:redhat:libvirt:1.2.5:::::::*
	cpe:2.3:a:redhat:libvirt:1.2.6:::::::*
	cpe:2.3:a:redhat:libvirt:1.2.7:::::::*
	cpe:2.3:a:redhat:libvirt:1.2.8:::::::*
	cpe:2.3:a:redhat:libvirt:1.2.9:::::::*

History

21 Nov 2024, 02:18

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html -~~	() http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html -
References	~~() http://secunia.com/advisories/60010 -~~	() http://secunia.com/advisories/60010 -
References	~~() http://secunia.com/advisories/60895 -~~	() http://secunia.com/advisories/60895 -
References	~~() http://secunia.com/advisories/62058 -~~	() http://secunia.com/advisories/62058 -
References	~~() http://secunia.com/advisories/62303 -~~	() http://secunia.com/advisories/62303 -
References	~~() http://security.gentoo.org/glsa/glsa-201412-04.xml -~~	() http://security.gentoo.org/glsa/glsa-201412-04.xml -
References	~~() http://security.libvirt.org/2014/0007.html - Patch, Vendor Advisory~~	() http://security.libvirt.org/2014/0007.html - Patch, Vendor Advisory
References	~~() http://www.ubuntu.com/usn/USN-2404-1 - Vendor Advisory~~	() http://www.ubuntu.com/usn/USN-2404-1 - Vendor Advisory

Information

Published : 2014-11-13 21:32

Updated : 2025-04-12 10:46

NVD link : CVE-2014-7823

Mitre link : CVE-2014-7823

CVE.ORG link : CVE-2014-7823

JSON object : View

Products Affected

redhat

libvirt

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2014-7823", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-13T21:32:04.547", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/60010", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/60895", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/62058", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/62303", "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml", "source": "secalert@redhat.com"}, {"url": "http://security.libvirt.org/2014/0007.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-2404-1", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/60010", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/60895", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/62058", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/62303", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.libvirt.org/2014/0007.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2404-1", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag."}, {"lang": "es", "value": "El virDomainGetXMLDesc API en Libvirt en versiones anteriores a 1.2.11 permite a usuarios remotos de solo lectura obtener la contrase\u00f1a VNC utilizando el marcador VIR_DOMAIN_XML_MIGRATABLE, lo que desencadena el uso del marcador VIR_DOMAIN_XML_SECURE."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "111BBE4C-22D8-45AB-B477-A9E234CD0EA0", "versionEndIncluding": "1.2.10"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA9572AC-1D6D-4AA1-AEF0-CB9143F38215"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D6B6D6F-6CD3-43C3-B1EC-18DEC89DFDA6"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF21D58D-6952-4C72-94C3-32421499AFCE"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83403472-4883-4914-846A-3C3E912C5573"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00DF70BC-8C33-4B01-9BF7-4D260E68DBAD"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEEF1A5E-E1FD-4D28-B90A-86D78ABE3F58"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49568634-FD82-43E0-B60F-28896999CF48"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC1E4E78-937D-4BF1-B45E-74B24A02C97D"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E80222EC-EA2E-444B-A51C-0287055A598C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

5.0 /10