CVE-2019-10161

Priority
Description
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would
permit read-only clients to use the virDomainSaveImageGetXMLDesc() API,
specifying an arbitrary path which would be accessed with the permissions
of the libvirtd process. An attacker with access to the libvirtd socket
could use this to probe the existence of arbitrary files, cause denial of
service or cause libvirtd to execute arbitrary programs.
Assigned-to
mdeslaur
Notes
More Information

Updated: 2020-01-13 16:14:32 UTC (commit c5a721d8434301f6c07c5f60d04de3d18d686d3d)