Vulnerabilities > CVE-2020-23793 - Missing Authorization vulnerability in Spice-Space Spice-Server 0.14.06El76.1

CVSS 8.6 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

spice-space

CWE-862

NVD

Published: 2023-08-22

Updated: 2023-08-26

Summary

An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects.

Vulnerable Configurations

Part	Description	Count
Application	Spice-Space Spice Space Spice Server 0.14.0-6El7_6.1	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/zelat/spice-security-issues