CVE-2019-3886 MEDIUM

CVE-2019-3886

Vendor The Libvirt Project
Product libvirt
Weakness CWE-862 · Missing authorization
Published April 4, 2019
Last update August 4, 2024

CVSS base score

5.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

What the vulnerability does

01Description

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

Key dates

02Disclosure timeline

April 4, 2019 CVE published
August 4, 2024 Record updated