CVE-2014-7823

{"id": "CVE-2014-7823", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-13T21:32:04.547", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00083.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/60010", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/60895", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/62058", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/62303", "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml", "source": "secalert@redhat.com"}, {"url": "http://security.libvirt.org/2014/0007.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-2404-1", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag."}, {"lang": "es", "value": "El virDomainGetXMLDesc API en Libvirt en versiones anteriores a 1.2.11 permite a usuarios remotos de solo lectura obtener la contrase\u00f1a VNC utilizando el marcador VIR_DOMAIN_XML_MIGRATABLE, lo que desencadena el uso del marcador VIR_DOMAIN_XML_SECURE."}], "lastModified": "2017-01-03T02:59:12.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "111BBE4C-22D8-45AB-B477-A9E234CD0EA0", "versionEndIncluding": "1.2.10"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA9572AC-1D6D-4AA1-AEF0-CB9143F38215"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D6B6D6F-6CD3-43C3-B1EC-18DEC89DFDA6"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF21D58D-6952-4C72-94C3-32421499AFCE"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83403472-4883-4914-846A-3C3E912C5573"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00DF70BC-8C33-4B01-9BF7-4D260E68DBAD"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEEF1A5E-E1FD-4D28-B90A-86D78ABE3F58"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49568634-FD82-43E0-B60F-28896999CF48"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC1E4E78-937D-4BF1-B45E-74B24A02C97D"}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E80222EC-EA2E-444B-A51C-0287055A598C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}