Potential privilege escalation with the default libvirtd TLS config
Bug #1730370 reported by Oliver Walsh
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
tripleo | Fix Released | High | Juan Antonio Osorio Robles | |
Bug Description
With the default TLS setup, any service with a certificate from the CA will be granted access to libvirtd.
There are a number of options to address this:
- use a different CA just for libvirt access
- filter allowed clients
- enable SASL auth for libvirtd
- disable libvirt TLS
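
An added example, not part of the bug report or the TripleO code: a Python check that flags a `libvirtd.conf` in the state described above and accepts one that uses the client-filtering or SASL options. The sample configs and DNs are constructed, and the check assumes the TLS listener is actually in use and that absent keys take libvirtd's defaults.

```python
import ast
import re

# libvirtd defaults for keys that are absent or commented out.
# tls_allowed_dn_list unset means no DN check; an empty list denies everyone.
DEFAULTS = {"listen_tls": 1, "auth_tls": "none",
            "tls_allowed_dn_list": None, "tls_no_verify_certificate": 0}

# key = int | "string" | [list, possibly spanning lines]; '#' lines never match.
SETTING = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*(\[.*?\]|"[^"\n]*"|\d+)',
                     re.M | re.S)

def parse_conf(text):
    conf = dict(DEFAULTS)
    for key, raw in SETTING.findall(text):
        conf[key] = ast.literal_eval(raw)
    return conf

def audit_tls(text):
    """Return findings for the libvirtd TLS listener; empty list means none."""
    conf = parse_conf(text)
    if not conf["listen_tls"]:
        return []  # TLS listener disabled, nothing to check
    findings = []
    if conf["tls_no_verify_certificate"]:
        findings.append("client certificates are not verified")
    dns = conf["tls_allowed_dn_list"]
    if dns is None and conf["auth_tls"] != "sasl":
        findings.append("any client certificate issued by the trusted CA is accepted")
    if dns and any(dn.strip() == "*" for dn in dns):
        findings.append("tls_allowed_dn_list contains a match-all pattern")
    return findings

# Constructed sample: TLS on, no DN filter, no SASL (the reported condition).
DEFAULT_CONF = '''
listen_tls = 1
#tls_allowed_dn_list = ["DN1", "DN2"]
#auth_tls = "none"
'''

# Constructed sample: only named compute hosts allowed, SASL layered on top.
HARDENED_CONF = '''
listen_tls = 1
auth_tls = "sasl"
tls_allowed_dn_list = [
    "CN=compute-0.example.test,O=EXAMPLE",
    "CN=compute-1.example.test,O=EXAMPLE",
]
'''

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_tls(text) or "ok")
```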
Triaged as this is already assigned, we should discuss the plan for merging/backporting before making this public,