Lucene search
GoogleOSV:GHSA-849R-8WVP-4WWGHistoryJun 01, 2021 - 6:40 p.m.
Permissions bypass in KubeVirt
2021-06-0118:40:38
Google
osv.dev
4
A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.
| CPE | Name | Operator | Version |
|---|---|---|---|
| kubevirt.io/kubevirt | lt | 0.26.0 |
References
bugzilla.redhat.com/show_bug.cgi?id=1792092
github.com/kubevirt/containerized-data-importer/pull/1098
github.com/kubevirt/kubevirt
github.com/kubevirt/kubevirt/commit/9efa8d7388d4fe1c698c6980aa7122c06bd141be
github.com/kubevirt/kubevirt/issues/2967
github.com/kubevirt/kubevirt/pull/3001
nvd.nist.gov/vuln/detail/CVE-2020-1701
Related
osv
osv
CVE-2020-1701
2021-05-27 20:15:07
Permissions bypass in KubeVirt in kubevirt.io/kubevirt
2024-06-04 15:19:21
cvelist
cvelist
CVE-2020-1701
2021-05-27 19:45:04
github
github
Permissions bypass in KubeVirt
2021-06-01 18:40:38
cve
cve
CVE-2020-1701
2021-05-27 20:15:07
prion
prion
Design/Logic Flaw
2021-05-27 20:15:00
redhatcve
redhatcve
CVE-2020-1701
2020-01-17 02:39:05
veracode
veracode
Information Disclosure
2020-02-06 08:23:31
nvd
nvd
CVE-2020-1701
2021-05-27 20:15:07