VDB
CVE-2019-3886
CVE-2019-3886
PUBLISHED
CVSS 5.4 MEDIUM
Reported by redhat · Published April 4, 2019
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
Risk Scores
CVSS 3.0
5.4
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| The libvirt Project | libvirt | 4.8.0 and above |
| The libvirt Project | libvirt | 4.8.0 and above |
Exploit Intelligence
Timeline
- Apr 4, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- 107777 vdb-entry
- openSUSE-SU-2019:1294 vendor-advisory
- USN-4021-1 vendor-advisory
- FEDORA-2019-b2dfb13daf vendor-advisory
- FEDORA-2019-9210998aaa vendor-advisory
- RHBA-2019:3723 vendor-advisory