| Reported on: | 20200420 |
|---|---|
| Published on: | 20200414 |
| Fixed on: | 20200414 |

| Reported by: | Han Han |
|---|---|
| Patched by: | Peter Krempa |

The implementation of cookies for HTTP-based disks formatted them in the XML even when the VIR_DOMAIN_XML_SECURE flag was not set.

A read-only client can access potentially sensitive information in the cookies.

Denying access to the read-only libvirt socket will avoid the potential information leak.

| Branch | master |
|---|---|
| Broken in: | v6.2.0 |
| Fixed in: | v6.3.0 |
| Broken by: | 3b076391befc3fe72deb0c244ac6c2b4c100b410 |
| Fixed by: | a5b064bf4b17a9884d7d361733737fb614ad8979 |