Description
A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.
A flaw was found in the KubeVirt main virt-handler regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.
Mitigation
This issue can only be resolved by applying updates. Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Virtualization 1 | virt-handler | Fix deferred | | |
| Red Hat OpenShift Virtualization 2 | virt-handler-container | Affected | | |
| Red Hat OpenShift Virtualization 2 | kubevirt-cpu-model-nfd-plugin-container | Fixed | RHEA-2020:2011 | 04.05.2020 |
| Red Hat OpenShift Virtualization 2 | kubevirt-cpu-node-labeller-container | Fixed | RHEA-2020:2011 | 04.05.2020 |
| Red Hat OpenShift Virtualization 2 | kubevirt-kvm-info-nfd-plugin-container | Fixed | RHEA-2020:2011 | 04.05.2020 |
Additional information
Status:
6.5 Medium
CVSS3