{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-04-14T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://security.libvirt.org/2015/0001.html"}, {"name": "MDVSA-2015:070", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2015-0046.html"}, {"name": "openSUSE-SU-2015:0225", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html"}, {"name": "62766", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62766"}, {"name": "RHSA-2015:0323", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0323.html"}, {"name": "MDVSA-2015:035", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:035"}, {"name": "USN-2867-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2867-1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:03:10.643Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://security.libvirt.org/2015/0001.html"}, {"name": "MDVSA-2015:070", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2015-0046.html"}, {"name": "openSUSE-SU-2015:0225", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html"}, {"name": "62766", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62766"}, {"name": "RHSA-2015:0323", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0323.html"}, {"name": "MDVSA-2015:035", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:035"}, {"name": "USN-2867-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2867-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-0236", "datePublished": "2015-01-29T15:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:10.643Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8A22EF4-358B-4D85-BC9E-CADD6DF4643B", "versionEndIncluding": "1.2.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "527B9236-CA4E-42A8-8C7A-2FB92BE2B4B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA9572AC-1D6D-4AA1-AEF0-CB9143F38215", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D6B6D6F-6CD3-43C3-B1EC-18DEC89DFDA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "BF21D58D-6952-4C72-94C3-32421499AFCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "83403472-4883-4914-846A-3C3E912C5573", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "00DF70BC-8C33-4B01-9BF7-4D260E68DBAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "EEEF1A5E-E1FD-4D28-B90A-86D78ABE3F58", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "49568634-FD82-43E0-B60F-28896999CF48", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "EC1E4E78-937D-4BF1-B45E-74B24A02C97D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "E80222EC-EA2E-444B-A51C-0287055A598C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:libvirt:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "1CA535BD-4D1A-4BD6-9EF0-1E57A80E6466", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": false}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface."}, {"lang": "es", "value": "libvirt anterior a 1.2.12 permite a usuarios remotos autenticados obtener la contrase\u00f1a VNC mediante el uso del indicador VIR_DOMAIN_XML_SECURE con (1) una instant\u00e1nea manipulada a la interfaz virDomainSnapshotGetXMLDesc o (2) una imagen manipulada a la interfaz virDomainSaveImageGetXMLDesc."}], "id": "CVE-2015-0236", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-29T15:59:00.060", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://advisories.mageia.org/MGASA-2015-0046.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0323.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62766"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://security.libvirt.org/2015/0001.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:035"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2867-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://advisories.mageia.org/MGASA-2015-0046.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00028.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0323.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://security.libvirt.org/2015/0001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:035"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:070"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2867-1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Luyao Huang (Red Hat).", "affected_release": [{"advisory": "RHSA-2015:0323", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libvirt-0:1.2.8-16.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0323", "cpe": "cpe:/a:redhat:storage:3.1:server:el7", "package": "libvirt-0:1.2.8-16.el7", "product_name": "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date": "2015-03-05T00:00:00Z"}, {"advisory": "RHSA-2015:0323", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "libvirt-0:1.2.8-16.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "libvirt: missing ACL check for the VIR_DOMAIN_XML_SECURE flag in save images and snapshots objects", "id": "1184431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184431"}, "csaw": false, "cvss": {"cvss_base_score": "2.9", "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-285->CWE-200", "details": ["libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.", "It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file."], "name": "CVE-2015-0236", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libvirt", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "libvirt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Under investigation", "package_name": "libvirt", "product_name": "Red Hat Storage 2.1"}], "public_date": "2015-01-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0236\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0236\nhttp://security.libvirt.org/2015/0001.html"], "threat_severity": "Low"}