{"id":"CVE-2020-14301","details":"An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command.","modified":"2026-02-24T11:34:04.259643Z","published":"2021-05-27T20:15:07.727Z","related":["ALSA-2020:4676"],"references":[{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848640"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210629-0007/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848640"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1848640"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/libvirt/libvirt","events":[{"introduced":"07bb8ff4dd0ca0224754c582390f4a873597c4b9"},{"fixed":"e8aa9f0dfcae0ced905e08dd3b1a9047c808cca7"}]}],"versions":["v6.2.0","v6.3.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-14301.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}