CVE-2019-10161

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.

Published: Jul 31, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-10161
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
redhat / libvirt	5.0.0	5.4.1
redhat / libvirt	-	4.10.1
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x
redhat / enterprise_linux	8.0	8.0.x
redhat / virtualization	4.0	4.0.x
redhat / virtualization_host	4.0	4.0.x
canonical / ubuntu_linux	14.04	14.04.x

Vulnerability Database

289,599

CVE-2019-10161