An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml command.
| Software | From | Fixed in |
|---|---|---|
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / enterprise_linux_server_aus | 8.4 | 8.4.x |
| redhat / enterprise_linux_eus | 8.4 | 8.4.x |
| redhat / enterprise_linux_for_ibm_z_systems | 8.0 | 8.0.x |
| redhat / libvirt | 6.2.0 | 6.3.0 |
| redhat / enterprise_linux_tus | 8.4 | 8.4.x |
| redhat / enterprise_linux_server_update_services_for_sap_solutions | 8.4 | 8.4.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus | 8.4 | 8.4.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.4 | 8.4.x |
| redhat / enterprise_linux_for_power_little_endian | 8.0 | 8.0.x |
| redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4 | 8.4.x |