CVE-2010-2239
Advisory lineage Upstream: 0 Downstream: 2
Downstream
Modified
Published: 19 Aug 2010, 17:43
Last modified:07 Aug 2024, 02:25
Vulnerability Summary
Overall Risk (default)
low
18/100 CVSS Score
4.4 MEDIUM
v2.0 (nvd)
EPSS Score
0.09% LOW
0% probability +0.02%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
19 Aug 2010, 17:43
Published
Vulnerability first disclosed
07 Aug 2024, 02:25
Last Modified
Vulnerability information updated
Description
Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.4AV:L/AC:M/Au:S/C:C/I:N/A:N
EPSS Trends
Current EPSS score: 0.09%• Percentile: 25%
Techniques & Countermeasures
- CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Affected Systems
- libvirt•libvirt
0.6.0 | 0.6.1 | 0.6.2 | 0.6.3 | 0.6.4 | 0.6.5 | 0.7.0 | 0.7.1 | 0.7.2 | 0.7.3 | 0.7.4 | 0.7.5 | 0.7.6 | 0.7.7 | 0.8.0 | 0.8.1 | 0.8.2
References (11)
- http://www.vupen.com/english/advisories/2010/2062
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html
- http://ubuntu.com/usn/usn-1008-2
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html
- https://bugzilla.redhat.com/show_bug.cgi?id=607812
- http://www.redhat.com/support/errata/RHSA-2010-0615.html
- http://libvirt.org/news.html
- http://ubuntu.com/usn/usn-1008-1
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://ubuntu.com/usn/usn-1008-3
- http://www.vupen.com/english/advisories/2010/2763