CVE-2014-0028
EPSS 0.10%
Description
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.
How to fix CVE-2014-0028
To remediate CVE-2014-0028, upgrade the affected package to a fixed version below.
- Debian/libvirt—upgrade to 1.2.1-1 or later
Is CVE-2014-0028 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.2.1-1