Описание
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileged operations against other virt-handler instances potentially compromising the integrity and availability of the VM managed by it. This vulnerability is fixed in 1.5.3 and 1.6.1.
A flaw was found in KubeVirt's virt-handler component. Improper TLS certificate verification in the peer authentication logic allows an attacker who has compromised one virt-handler instance to impersonate the virt-api component and execute privileged operations against other virt-handler instances, compromising the integrity and availability of virtual machines managed across the cluster.
Отчет
The impact oF this vulnerability is rated MODERATE because successful exploitation requires first compromising a privileged virt-handler component, which is not directly accessible to untrusted users and requires prior breach of Kubernetes node or container security boundaries. he vulnerability stems from shared credentials and inadequate validation that allows a compromised virt-handler to present itself as the legitimate virt-api service when communicating with other virt-handler instances. An attacker who successfully compromises a single virt-handler - a privileged Kubernetes DaemonSet component running on each node, can exploit this authentication weakness to perform lateral movement within the cluster, executing privileged operations on VMs managed by other virt-handler instances on different nodes.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Virtualization 4 | kubevirt | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credentials to impersonate virt-api and execute privileged operations against other virt-handler instances potentially compromising the integrity and availability of the VM managed by it. This vulnerability is fixed in 1.5.3 and 1.6.1.
KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing
KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing
Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container
EPSS
6.5 Medium
CVSS3