CVE-2019-3886 — MEDIUM (5.4)

Q: How severe is CVE-2019-3886?

CVE-2019-3886 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3886?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Libvirt, Opensuse Leap, Fedoraproject Fedora.

Vulnerability Description

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Redhat	Libvirt	>= 4.8.0, < 5.3.0
Opensuse	Leap	42.3
Fedoraproject	Fedora	29

Related Weaknesses (CWE)

CWE-862

References

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.htmlMailing ListThird Party Advisory
http://www.securityfocus.com/bid/107777Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHBA-2019:3723Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886ExploitIssue TrackingPatch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://usn.ubuntu.com/4021-1/Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.htmlMailing ListThird Party Advisory
http://www.securityfocus.com/bid/107777Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHBA-2019:3723Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886ExploitIssue TrackingPatch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://usn.ubuntu.com/4021-1/Third Party Advisory

FAQ

What is CVE-2019-3886?

CVE-2019-3886 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing un...

How severe is CVE-2019-3886?

CVE-2019-3886 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3886?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Libvirt, Opensuse Leap, Fedoraproject Fedora.