Описание
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
Дополнительная информация
Статус:
Important
Дефект:
CWE-501
https://bugzilla.redhat.com/show_bug.cgi?id=2265398kubevirt-csi: PersistentVolume allows access to HCP's root node
EPSS
Процентиль: 35%
0.00142
Низкий
6.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.5
nvd
почти 2 года назад
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
CVSS3: 8.1
github
почти 2 года назад
kubevirt-csi: PersistentVolume allows access to HCP's root node
EPSS
Процентиль: 35%
0.00142
Низкий
6.5 Medium
CVSS3