What the vulnerability does

01Description

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

Key dates

02Disclosure timeline

May 27, 2021 CVE published
August 4, 2024 Record updated