How severe is CVE-2020-17376?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.3 out of 10.

What type of vulnerability is CVE-2020-17376?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2020-17376

HIGH Year: 2020

CVSS v3 Score

8.3

High

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-611

View all →

Vulnerability Description

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.

CVE-2018-1000054

HIGH

CVSS:8.3(High)

Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenk...

CWE-6112018

CVE-2018-1000055

HIGH

CVSS:8.3(High)

Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from...

CWE-6112018

CVE-2018-1000056

HIGH

CVSS:8.3(High)

Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the J...

CWE-6112018

CVE-2024-22024

HIGH

CVSS:8.3(High)

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain res...

CWE-6112024

CVE-2024-52806

HIGH

CVSS:8.3(High)

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability...

CWE-6112024

CVE-2017-1192

HIGH

CVSS:8.2(High)

IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive i...

CWE-6112017

CVE-2020-17376

Vulnerability Description

Related Vulnerabilities

CVE-2018-1000054

CVE-2018-1000055

CVE-2018-1000056

CVE-2024-22024

CVE-2024-52806

CVE-2017-1192