8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.9 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
A flaw was found in the kubevirt-csi component of OpenShift Virtualization’s Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node’s volume by creating a custom Persistent Volume that matches the name of a worker node.
[
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4.13",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift4/kubevirt-csi-driver-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "v4.13.0-202404200313.p0.g9d909f7.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.13::el8",
"cpe:/a:redhat:openshift:4.13::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4.14",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift4/kubevirt-csi-driver-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "v4.14.0-202404161544.p0.g48fafc4.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9",
"cpe:/a:redhat:openshift:4.14::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4.15",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift4/kubevirt-csi-driver-rhel8",
"defaultStatus": "affected",
"versions": [
{
"version": "v4.15.0-202403220332.p0.gd3bdbce.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9",
"cpe:/a:redhat:openshift:4.15::el8"
]
}
]
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.9 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%