An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.

Related CVEs

CVE-2020-14301

Key Information

GHSA ID

GHSA-5qrf-45p7-8vrc

Published

May 24, 2022 7:03 PM

Last Modified

May 24, 2022 7:03 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 2, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.