redhat libvirt CVE-2019-3886 vulnerability in Red Hat and Other Products
Published on April 4, 2019

product logo product logo product logo
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2019-3886 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2019-3886

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-3886 are published in these products:

Red Hat Libvirt
 
OpenSuse Leap
 
Fedora Project Fedora
 

Affected Versions

The libvirt Project libvirt Version 4.8.0 and above is affected by CVE-2019-3886

Exploit Probability

EPSS
0.48%
Percentile
64.67%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.