CVE-2015-0236
NONE EPSS 75.8%
Published Jan 29, 201511y ago · Modified Jun 17, 20262w ago
Published Jan 29, 2015 11y ago
Last Modified Jun 17, 2026 2w ago
Description
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.
Threat Intelligence
EPSS Exploit Probability
75.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 23
| Vendor | Product | Version | Range |
|---|---|---|---|
| mageia | mageia | 4.0 | any |
| redhat | libvirt | * | ≤1.2.11 |
| redhat | libvirt | 1.2.0 | any |
| redhat | libvirt | 1.2.1 | any |
| redhat | libvirt | 1.2.2 | any |
| redhat | libvirt | 1.2.3 | any |
| redhat | libvirt | 1.2.4 | any |
| redhat | libvirt | 1.2.5 | any |
| redhat | libvirt | 1.2.6 | any |
| redhat | libvirt | 1.2.7 | any |
| redhat | libvirt | 1.2.8 | any |
| redhat | libvirt | 1.2.9 | any |
| redhat | libvirt | 1.2.10 | any |
| opensuse | opensuse | 13.1 | any |
| opensuse | opensuse | 13.2 | any |
| canonical | ubuntu_linux | 12.04 | any |
| canonical | ubuntu_linux | 14.04 | any |
| canonical | ubuntu_linux | 15.04 | any |
| canonical | ubuntu_linux | 15.10 | any |
| redhat | enterprise_linux_desktop | 7.0 | any |
| redhat | enterprise_linux_hpc_node | 7.0 | any |
| redhat | enterprise_linux_server | 7.0 | any |
| redhat | enterprise_linux_workstation | 7.0 | any |
References 8
- advisories.mageia.org http://advisories.mageia.org/MGASA-2015-0046.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-0323.html
- secunia.com http://secunia.com/advisories/62766
- security.libvirt.org http://security.libvirt.org/2015/0001.html
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:035
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:070
- ubuntu.com http://www.ubuntu.com/usn/USN-2867-1
Remediation
- security.libvirt.org http://security.libvirt.org/2015/0001.html