CVE-2019-3886
CVSS 3.1: 5.4 (MEDIUM)
EPSS: 0.46%
Description
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
How to fix CVE-2019-3886
To remediate CVE-2019-3886, upgrade the affected package to a fixed version below.
- Debian/libvirt: upgrade to 5.0.0-2 or later
Is CVE-2019-3886 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/libvirt: from 0, < 5.0.0-2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |