CVE-2019-10161

Priority
Description
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would
permit read-only clients to use the virDomainSaveImageGetXMLDesc() API,
specifying an arbitrary path which would be accessed with the permissions
of the libvirtd process. An attacker with access to the libvirtd socket
could use this to probe the existence of arbitrary files, cause denial of
service or cause libvirtd to execute arbitrary programs.
Assigned-to
mdeslaur

Updated: 2019-08-01 00:14:26 UTC (commit 81c090bcde936e7802713b727f30f2f049bcb6a1)