libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-10-31T15:00:00
Updated: 2024-08-05T22:00:39.668Z
Reserved: 2017-10-18T00:00:00
Link: CVE-2017-1000256
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-10-31T15:29:00.240
Modified: 2023-11-07T02:37:56.177
Link: CVE-2017-1000256
Redhat