Azure Linux 3.0 Security Update: kubevirt (CVE-2023-26484)

The version of kubevirt installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-26484 advisory. - KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicio...

CBL Mariner 2.0 Security Update: kubevirt (CVE-2023-26484)

The version of kubevirt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-26484 advisory. - KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicio...

CVE-2023-26484 affecting package kubevirt for versions less than 0.59.0-20

CVE-2023-26484 affecting package kubevirt for versions less than 0.59.0-20. A patched version of the package is available...

CVE-2023-26484 affecting package kubevirt for versions less than 1.2.0-1

CVE-2023-26484 affecting package kubevirt for versions less than 1.2.0-1. An upgraded version of the package is available that resolves this issue...

SUSE SLES15 / openSUSE 15 Security Update : kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (SUSE-SU-2023:1967-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1967-1 advisory. - KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken...

SUSE-SU-2023:1967-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container

This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: - CVE-2023-26484: Limit operator secrets permission. bsc1209359 kubevirt is also rebuilt...

CVE-2023-26484

A flaw was found in the Kubevirt package. KubeVirt could allow a remote authenticated attacker to bypass security restrictions caused by improper authorization validation. An attacker can modify all node specs by sending a specially-crafted request using the virt-handler service account...

CVE-2023-26484

creationtimestamp| type| source ---|---|--- 2023-03-15 23:30:17+00:00| seen| https://t.me/cibsecurity/60096...

CVE-2023-26484

CVE-2023-26484 affects KubeVirt up to version 0.59.0. If an attacker compromises a Kubernetes node where virt-handler runs, the virt-handler service account can modify all node specs, enabling reading secrets and pod-level actions on other nodes and potentially elevating privileges cluster-wide. ...

CVE-2023-26484 On a compromised KubeVirt node, the virt-handler service account can be used to modify all node specs

KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler the KubeVirt node-daemon is running, the virt-handler service account can be used to modify all node specs. This can be misused to...