CVE-2014-7823

Name of the Vulnerable Software and Affected Versions Libvirt versions prior to 1.2.11

Description The issue allows remote read-only users to obtain the VNC password by using the VIR DOMAIN XML MIGRATABLE flag, which triggers the use of the VIR DOMAIN XML SECURE flag. This can lead to a breach of confidentiality and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations As a temporary workaround, consider disabling the virDomainGetXMLDesc API until a patch is available. Update to a version of Libvirt that is 1.2.11 or later to resolve the issue. Restrict access to the vulnerable API endpoint to minimize the risk of exploitation. Avoid using the VIR DOMAIN XML MIGRATABLE flag in the affected API endpoint until the issue is resolved.