{
  "threat_severity" : "Low",
  "public_date" : "2015-01-22T00:00:00Z",
  "bugzilla" : {
    "description" : "libvirt: missing ACL check for the VIR_DOMAIN_XML_SECURE flag in save images and snapshots objects",
    "id" : "1184431",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1184431"
  },
  "cvss" : {
    "cvss_base_score" : "2.9",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-285->CWE-200",
  "details" : [ "libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.", "It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file." ],
  "acknowledgement" : "This issue was discovered by Luyao Huang (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHSA-2015:0323",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libvirt-0:1.2.8-16.el7"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 7",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHSA-2015:0323",
    "cpe" : "cpe:/a:redhat:storage:3.1:server:el7",
    "package" : "libvirt-0:1.2.8-16.el7"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHSA-2015:0323",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "libvirt-0:1.2.8-16.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Under investigation",
    "package_name" : "libvirt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Storage 2.1",
    "fix_state" : "Under investigation",
    "package_name" : "libvirt",
    "cpe" : "cpe:/a:redhat:storage:2.1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0236\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0236\nhttp://security.libvirt.org/2015/0001.html" ],
  "name" : "CVE-2015-0236",
  "csaw" : false
}