3 matches found
CVE-2020-1701
KubeVirt vulnerability CVE-2020-1701 affects virt-handler (versions before 0.26.0). A user who can create VMs can abuse virt-handler’s access controls to attach any secret in their namespace, reading secret contents. Root cause: improper access permissions in virt-handler. Impact: confidentiality...
CVE-2020-1701
A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret...
CVE-2020-1701
A flaw was found in the KubeVirt main virt-handler regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret. Mitigation This issue can only be resolved by applying...