{"id":"CVE-2019-3886","details":"An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.","modified":"2026-05-28T04:04:44.819250325Z","published":"2019-04-04T16:29:03.430Z","related":["SUSE-SU-2019:0948-1","SUSE-SU-2019:1042-1","SUSE-SU-2019:1285-1","SUSE-SU-2019:14097-1","SUSE-SU-2019:1438-1","openSUSE-SU-2024:11008-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_STRING","cpes":["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"],"vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"29"},{"last_affected":"30"}]},{"vendor_product":"opensuse:leap","cpes":["cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"],"source":"CPE_STRING","extracted_events":[{"last_affected":"42.3"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYMNKXAUBZCFBBPFH64FJPH5EJH4GSU2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5DHYIFECZ7BMVXK4EP4FDFZXK7I5MZH/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00105.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107777"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2019:3723"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4021-1/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3886"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libvirt/libvirt","events":[{"introduced":"5fa43c7f3b47ef0014f01bff6c799e8bba7e4c26"},{"fixed":"4dbe481bf6514511f16482237c2ab963b4ad1b95"}],"database_specific":{"cpe":"cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"4.8.0"},{"fixed":"5.3.0"}]}}],"versions":["v4.8.0","v4.9.0","v4.10.0","v5.0.0","v5.2.0","v5.3.0-rc2","v5.3.0-rc1","CVE-2019-3886","v5.2.0-rc2","v5.2.0-rc1","v5.1.0","v5.1.0-rc2","v5.1.0-rc1","v5.0.0-rc2","v5.0.0-rc1","v4.10.0-rc2","v4.10.0-rc1","v4.9.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3886.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.com/libvirt/libvirt","events":[{"introduced":"5fa43c7f3b47ef0014f01bff6c799e8bba7e4c26"},{"fixed":"4dbe481bf6514511f16482237c2ab963b4ad1b95"}],"database_specific":{"cpe":"cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*","source":"CPE_RANGE","extracted_events":[{"introduced":"4.8.0"},{"fixed":"5.3.0"}]}}],"versions":["v4.8.0","v4.9.0","v4.10.0","v5.0.0","v5.2.0","v5.3.0-rc2","v5.3.0-rc1","CVE-2019-3886","v5.2.0-rc2","v5.2.0-rc1","v5.1.0","v5.1.0-rc2","v5.1.0-rc1","v5.0.0-rc2","v5.0.0-rc1","v4.10.0-rc2","v4.10.0-rc1","v4.9.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3886.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}]}