CVE-2024-31419 Cnv: information disclosure through the usage of vm-dump-metrics

🗓️ 03 Apr 2024 14:00:04Reported by redhatType

Information disclosure flaw in OpenShift Virtualization, CVE-2024-3141

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2024-31419	27 Feb 202520:25	–	circl
CNNVD	Red Hat OpenShift Virtualization 安全漏洞	3 Apr 202400:00	–	cnnvd
CVE	CVE-2024-31419	3 Apr 202414:00	–	cve
EUVD	EUVD-2024-29309	3 Oct 202520:07	–	euvd
NVD	CVE-2024-31419	3 Apr 202414:15	–	nvd
Positive Technologies	PT-2024-24059 · Red Hat · Openshift Virtualization	3 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-31419	3 Apr 202413:30	–	redhatcve
Vulnrichment	CVE-2024-31419 Cnv: information disclosure through the usage of vm-dump-metrics	3 Apr 202414:00	–	vulnrichment

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "4.15.1"
      }
    ],
    "packageName": "cnv",
    "collectionURL": "https://osim.prodsec.redhat.com/tracker/3db8d873-292a-4550-b241-eb8e84dcdf28",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Virtualization 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kubevirt-hyperconverged-cluster-operator",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:container_native_virtualization:4"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2024-31419

21 Nov 2025 06:55Current

4.6Medium risk

Vulners AI Score4.6

CVSS 3.14.3

EPSS0.00397

CWE-497