CVE-2020-23793

An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
spice-spacespice-server
0.14.0-6el7_6.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
spice
bullseye
0.14.3-2.1
fixed
bookworm
0.15.1-1
fixed
sid
0.15.2-1
fixed
trixie
0.15.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
spice
noble
not-affected
mantic
not-affected
lunar
not-affected
jammy
not-affected
focal
not-affected
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
References
https://github.com/zelat/spice-security-issues
https://github.com/zelat/spice-security-issues