Описание
KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attacker-controlled node. This vulnerability could otherwise allow an attacker to mark all nodes as unschedulable, potentially forcing the migration or creation of privileged pods onto a compromised node.
Ссылки
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.3 (включая)Версия от 1.6.0 (включая) до 1.6.1 (включая)
Одно из
cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*
cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*
EPSS
Процентиль: 12%
0.00041
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-269
Связанные уязвимости
msrc
14 дней назад
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
CVSS3: 5.3
github
около 1 месяца назад
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
EPSS
Процентиль: 12%
0.00041
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-269