Описание
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can mislead the virt-controller into associating the fake pod with the VMI, resulting in incorrect status updates and potentially causing a DoS (Denial-of-Service). This vulnerability is fixed in 1.7.0-beta.0.
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.3 (включая)
Одно из
cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*
cpe:2.3:a:kubevirt:kubevirt:1.7.0:alpha0:*:*:*:kubernetes:*:*
EPSS
Процентиль: 17%
0.00054
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-703
Связанные уязвимости
CVSS3: 5.3
msrc
15 дней назад
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
CVSS3: 5.3
github
около 1 месяца назад
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
EPSS
Процентиль: 17%
0.00054
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-703