cvelistv5 - cve-2020-29479

CVE-2020-29479 (GCVE-0-2020-29479)

Vulnerability from cvelistv5 – Published: 2020-12-15 17:06 – Updated: 2024-08-04 16:55

Summary

An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://xenbits.xenproject.org/xsa/advisory-353.html	x_refsource_MISC
	https://www.debian.org/security/2020/dsa-4812	vendor-advisoryx_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.gentoo.org/glsa/202107-30	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:55:10.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xenproject.org/xsa/advisory-353.html"
          },
          {
            "name": "DSA-4812",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4812"
          },
          {
            "name": "FEDORA-2020-64859a826b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/"
          },
          {
            "name": "FEDORA-2020-df772b417b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
          },
          {
            "name": "GLSA-202107-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-30"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-12T04:06:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xenproject.org/xsa/advisory-353.html"
        },
        {
          "name": "DSA-4812",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4812"
        },
        {
          "name": "FEDORA-2020-64859a826b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/"
        },
        {
          "name": "FEDORA-2020-df772b417b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
        },
        {
          "name": "GLSA-202107-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-30"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-29479",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://xenbits.xenproject.org/xsa/advisory-353.html",
              "refsource": "MISC",
              "url": "https://xenbits.xenproject.org/xsa/advisory-353.html"
            },
            {
              "name": "DSA-4812",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4812"
            },
            {
              "name": "FEDORA-2020-64859a826b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/"
            },
            {
              "name": "FEDORA-2020-df772b417b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
            },
            {
              "name": "GLSA-202107-30",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-30"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-29479",
    "datePublished": "2020-12-15T17:06:50",
    "dateReserved": "2020-12-03T00:00:00",
    "dateUpdated": "2024-08-04T16:55:10.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.14.0\", \"matchCriteriaId\": \"2D769F4A-98C6-4544-AC04-3D8600C17BBB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en Xen versiones hasta 4.14.x.\u0026#xa0;En la implementaci\\u00f3n de Ocaml xenstored, la representaci\\u00f3n interna del \\u00e1rbol tiene casos especiales para el nodo root, porque este nodo no tiene padre.\u0026#xa0;Desafortunadamente, no fueron comprobados los permisos para determinadas operaciones en el nodo root.\u0026#xa0;Los invitados no privilegiados pueden obtener y modificar permisos, enumerar y eliminar el nodo root.\u0026#xa0;(Eliminar todo el \\u00e1rbol de xenstore es una denegaci\\u00f3n de servicio en todo el host). Lograr el acceso de escritura a xenstore tambi\\u00e9n es posible.\u0026#xa0;Todos los sistemas que usan oxenstored son vulnerables.\u0026#xa0;La construcci\\u00f3n y el uso de oxenstored es el valor predeterminado en la distribuci\\u00f3n Xen previa, si el compilador Ocaml est\\u00e1 disponible.\u0026#xa0;Los sistemas que utilizan C xenstored no son vulnerables\"}]",
      "id": "CVE-2020-29479",
      "lastModified": "2024-11-21T05:24:04.297",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-12-15T18:15:14.897",
      "references": "[{\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202107-30\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4812\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://xenbits.xenproject.org/xsa/advisory-353.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202107-30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4812\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://xenbits.xenproject.org/xsa/advisory-353.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-29479\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-12-15T18:15:14.897\",\"lastModified\":\"2024-11-21T05:24:04.297\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Xen versiones hasta 4.14.x.\u0026#xa0;En la implementaci\u00f3n de Ocaml xenstored, la representaci\u00f3n interna del \u00e1rbol tiene casos especiales para el nodo root, porque este nodo no tiene padre.\u0026#xa0;Desafortunadamente, no fueron comprobados los permisos para determinadas operaciones en el nodo root.\u0026#xa0;Los invitados no privilegiados pueden obtener y modificar permisos, enumerar y eliminar el nodo root.\u0026#xa0;(Eliminar todo el \u00e1rbol de xenstore es una denegaci\u00f3n de servicio en todo el host). Lograr el acceso de escritura a xenstore tambi\u00e9n es posible.\u0026#xa0;Todos los sistemas que usan oxenstored son vulnerables.\u0026#xa0;La construcci\u00f3n y el uso de oxenstored es el valor predeterminado en la distribuci\u00f3n Xen previa, si el compilador Ocaml est\u00e1 disponible.\u0026#xa0;Los sistemas que utilizan C xenstored no son vulnerables\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.14.0\",\"matchCriteriaId\":\"2D769F4A-98C6-4544-AC04-3D8600C17BBB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]}],\"references\":[{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202107-30\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4812\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-353.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202107-30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4812\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-353.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2020-29479

Vulnerability from fkie_nvd - Published: 2020-12-15 18:15 - Updated: 2024-11-21 05:24

Severity ?

8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/
cve@mitre.org	https://security.gentoo.org/glsa/202107-30	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2020/dsa-4812	Third Party Advisory
cve@mitre.org	https://xenbits.xenproject.org/xsa/advisory-353.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-30	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4812	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://xenbits.xenproject.org/xsa/advisory-353.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
xen	xen	*
debian	debian_linux	10.0
fedoraproject	fedora	32
fedoraproject	fedora	33

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D769F4A-98C6-4544-AC04-3D8600C17BBB",
              "versionEndIncluding": "4.14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Xen versiones hasta 4.14.x.\u0026#xa0;En la implementaci\u00f3n de Ocaml xenstored, la representaci\u00f3n interna del \u00e1rbol tiene casos especiales para el nodo root, porque este nodo no tiene padre.\u0026#xa0;Desafortunadamente, no fueron comprobados los permisos para determinadas operaciones en el nodo root.\u0026#xa0;Los invitados no privilegiados pueden obtener y modificar permisos, enumerar y eliminar el nodo root.\u0026#xa0;(Eliminar todo el \u00e1rbol de xenstore es una denegaci\u00f3n de servicio en todo el host). Lograr el acceso de escritura a xenstore tambi\u00e9n es posible.\u0026#xa0;Todos los sistemas que usan oxenstored son vulnerables.\u0026#xa0;La construcci\u00f3n y el uso de oxenstored es el valor predeterminado en la distribuci\u00f3n Xen previa, si el compilador Ocaml est\u00e1 disponible.\u0026#xa0;Los sistemas que utilizan C xenstored no son vulnerables"
    }
  ],
  "id": "CVE-2020-29479",
  "lastModified": "2024-11-21T05:24:04.297",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-15T18:15:14.897",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-30"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4812"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://xenbits.xenproject.org/xsa/advisory-353.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://xenbits.xenproject.org/xsa/advisory-353.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2020-AVI-825

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont a été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	Citrix Hypervisor	Citrix XenServer versions antérieures à 7.1 LTSR CU2 sans les derniers correctifs de sécurité
Citrix	Citrix Hypervisor	Citrix Hypervisor versions antérieures à 8.1 sans les derniers correctifs de sécurité
Citrix	Citrix Hypervisor	Citrix XenServer versions antérieures à 7.0 sans les derniers correctifs de sécurité
Citrix	Citrix Hypervisor	Citrix Hypervisor versions antérieures à 8.2 LTSR sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX286756 du 15 décembre 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix XenServer versions ant\u00e9rieures \u00e0 7.1 LTSR CU2 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Hypervisor versions ant\u00e9rieures \u00e0 8.1 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer versions ant\u00e9rieures \u00e0 7.0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Hypervisor versions ant\u00e9rieures \u00e0 8.2 LTSR sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-29482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29482"
    },
    {
      "name": "CVE-2020-29480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29480"
    },
    {
      "name": "CVE-2020-29481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29481"
    },
    {
      "name": "CVE-2020-29569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29569"
    },
    {
      "name": "CVE-2020-29568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29568"
    },
    {
      "name": "CVE-2020-29570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29570"
    },
    {
      "name": "CVE-2020-29487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29487"
    },
    {
      "name": "CVE-2020-29486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29486"
    },
    {
      "name": "CVE-2020-29479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29479"
    },
    {
      "name": "CVE-2020-29485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29485"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-825",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-12-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont a \u00e9t\u00e9 d\u00e9couvertes dans Citrix\nHypervisor. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Citrix Hypervisor",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX286756 du 15 d\u00e9cembre 2020",
      "url": "https://support.citrix.com/article/CTX286756"
    }
  ]
}

CERTFR-2020-AVI-824

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Xen. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	XEN	Xen	Xen toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Xen 358 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 323 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 350 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 330 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 354 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 352 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 115 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 353 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 324 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 356 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 322 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 325 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 349 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 348 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 359 du 15 décembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Xen",
        "vendor": {
          "name": "XEN",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-29482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29482"
    },
    {
      "name": "CVE-2020-29480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29480"
    },
    {
      "name": "CVE-2020-29571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29571"
    },
    {
      "name": "CVE-2020-29481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29481"
    },
    {
      "name": "CVE-2020-29569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29569"
    },
    {
      "name": "CVE-2020-29568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29568"
    },
    {
      "name": "CVE-2020-29483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29483"
    },
    {
      "name": "CVE-2020-29570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29570"
    },
    {
      "name": "CVE-2020-29484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29484"
    },
    {
      "name": "CVE-2020-29487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29487"
    },
    {
      "name": "CVE-2020-29567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29567"
    },
    {
      "name": "CVE-2020-29479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29479"
    },
    {
      "name": "CVE-2020-29485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29485"
    },
    {
      "name": "CVE-2020-29566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29566"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-824",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-12-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 358 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-358.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 323 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-323.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 350 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-350.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 330 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-330.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 354 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-354.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 352 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-352.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 115 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-115.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 353 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-353.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 324 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-324.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 356 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-356.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 322 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-322.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 325 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-325.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 349 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-349.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 348 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-348.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 359 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-359.html"
    }
  ]
}

CERTFR-2020-AVI-825

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont a été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	Citrix Hypervisor	Citrix XenServer versions antérieures à 7.1 LTSR CU2 sans les derniers correctifs de sécurité
Citrix	Citrix Hypervisor	Citrix Hypervisor versions antérieures à 8.1 sans les derniers correctifs de sécurité
Citrix	Citrix Hypervisor	Citrix XenServer versions antérieures à 7.0 sans les derniers correctifs de sécurité
Citrix	Citrix Hypervisor	Citrix Hypervisor versions antérieures à 8.2 LTSR sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX286756 du 15 décembre 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix XenServer versions ant\u00e9rieures \u00e0 7.1 LTSR CU2 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Hypervisor versions ant\u00e9rieures \u00e0 8.1 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer versions ant\u00e9rieures \u00e0 7.0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Hypervisor versions ant\u00e9rieures \u00e0 8.2 LTSR sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-29482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29482"
    },
    {
      "name": "CVE-2020-29480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29480"
    },
    {
      "name": "CVE-2020-29481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29481"
    },
    {
      "name": "CVE-2020-29569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29569"
    },
    {
      "name": "CVE-2020-29568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29568"
    },
    {
      "name": "CVE-2020-29570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29570"
    },
    {
      "name": "CVE-2020-29487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29487"
    },
    {
      "name": "CVE-2020-29486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29486"
    },
    {
      "name": "CVE-2020-29479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29479"
    },
    {
      "name": "CVE-2020-29485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29485"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-825",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-12-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont a \u00e9t\u00e9 d\u00e9couvertes dans Citrix\nHypervisor. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Citrix Hypervisor",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX286756 du 15 d\u00e9cembre 2020",
      "url": "https://support.citrix.com/article/CTX286756"
    }
  ]
}

CERTFR-2020-AVI-824

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	XEN	Xen	Xen toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Xen 358 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 323 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 350 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 330 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 354 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 352 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 115 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 353 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 324 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 356 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 322 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 325 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 349 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 348 du 15 décembre 2020	None	vendor-advisory
Bulletin de sécurité Xen 359 du 15 décembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Xen",
        "vendor": {
          "name": "XEN",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-29482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29482"
    },
    {
      "name": "CVE-2020-29480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29480"
    },
    {
      "name": "CVE-2020-29571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29571"
    },
    {
      "name": "CVE-2020-29481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29481"
    },
    {
      "name": "CVE-2020-29569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29569"
    },
    {
      "name": "CVE-2020-29568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29568"
    },
    {
      "name": "CVE-2020-29483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29483"
    },
    {
      "name": "CVE-2020-29570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29570"
    },
    {
      "name": "CVE-2020-29484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29484"
    },
    {
      "name": "CVE-2020-29487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29487"
    },
    {
      "name": "CVE-2020-29567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29567"
    },
    {
      "name": "CVE-2020-29479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29479"
    },
    {
      "name": "CVE-2020-29485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29485"
    },
    {
      "name": "CVE-2020-29566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29566"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-824",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-12-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 358 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-358.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 323 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-323.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 350 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-350.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 330 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-330.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 354 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-354.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 352 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-352.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 115 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-115.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 353 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-353.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 324 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-324.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 356 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-356.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 322 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-322.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 325 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-325.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 349 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-349.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 348 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-348.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen 359 du 15 d\u00e9cembre 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-359.html"
    }
  ]
}

GHSA-MRWX-R54G-7X9F

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2024-04-04 03:03

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-29479"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-15T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.",
  "id": "GHSA-mrwx-r54g-7x9f",
  "modified": "2024-04-04T03:03:41Z",
  "published": "2022-05-24T17:36:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29479"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-30"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4812"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xenproject.org/xsa/advisory-353.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2020-29479

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-29479

Aliases

CVE-2020-29479

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-29479",
    "description": "An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.",
    "id": "GSD-2020-29479",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-29479.html",
      "https://www.debian.org/security/2020/dsa-4812"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-29479"
      ],
      "details": "An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.",
      "id": "GSD-2020-29479",
      "modified": "2023-12-13T01:22:11.894603Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-29479",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://xenbits.xenproject.org/xsa/advisory-353.html",
            "refsource": "MISC",
            "url": "https://xenbits.xenproject.org/xsa/advisory-353.html"
          },
          {
            "name": "DSA-4812",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4812"
          },
          {
            "name": "FEDORA-2020-64859a826b",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/"
          },
          {
            "name": "FEDORA-2020-df772b417b",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
          },
          {
            "name": "GLSA-202107-30",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202107-30"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.14.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-29479"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://xenbits.xenproject.org/xsa/advisory-353.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://xenbits.xenproject.org/xsa/advisory-353.html"
            },
            {
              "name": "DSA-4812",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4812"
            },
            {
              "name": "FEDORA-2020-64859a826b",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBLV6L6Q24PPQ2CRFXDX4Q76KU776GKI/"
            },
            {
              "name": "FEDORA-2020-df772b417b",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C6M6S3CIMEBACH6O7V4H2VDANMO6TVA/"
            },
            {
              "name": "GLSA-202107-30",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202107-30"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.0,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2022-04-26T16:12Z",
      "publishedDate": "2020-12-15T18:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-29479 (GCVE-0-2020-29479)

FKIE_CVE-2020-29479

CERTFR-2020-AVI-825

Solution

CERTFR-2020-AVI-824

Solution

CERTFR-2020-AVI-825

Solution

CERTFR-2020-AVI-824

Solution

GHSA-MRWX-R54G-7X9F

GSD-2020-29479

Tags

Sightings

Nomenclature