Correct. It's network-stack specific, so unless you have VMs sharing the same network stack (which would be quite unusual) you shouldn't be vulnerable.
But there can be other unrelated issues that can cross VMs, like Spectre.
I did. It's a medium article (a blog post) that doesn't include technical details. If this is a true CVE, it should be in a CVE format with exact technical details.
Don't get me wrong, I appreciate blog posts as much as the next guy but what's the exact code that is flawed. What line numbers, etc.
The blog post contains a few lines describing the nature of the problem. The author expects readers to understand a lot of background. The CVE sites do not have any details
> what's the exact code that is flawed
Doesn't matter, isn't going to be fixed. The purpose of the post is to tell people not to run a node on a multi-user system
Access to the RPC interface of a Bitcoin node is constrained by IP address and by a plaintext access token. This is weak security. It's a strong argument for deprecating RPC
Would it be possible to replace plain text authentication of RPC access with asymmetric key-pair access? This would allow safe access from external networks, as well as prevent the exploit described
Two separate keypairs could allow