KubeVirt Arbitrary Container File Read

Summary Short summary of the problem. Make the impact and severity as clear as possible. Mounting a user-controlled PVC disk within a VM allows an attacker to read any file present in the virt-launcher pod. This is due to erroneous handling of symlinks defined within a PVC. Details Give all detai...

EUVD-2022-1057

Malicious code in bioql PyPI...

NULL Pointer Dereference in Kubernetes CSI snapshot-controller

Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes...

GHSA-HWRR-RHMM-VCVF NULL Pointer Dereference in Kubernetes CSI snapshot-controller

Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes...

CVE-2020-8569

Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes...

CVE-2020-8569

CVE-2020-8569 affects the Kubernetes CSI external snapshot-controller when processing a VolumeSnapshot CR that references a non-existent PersistentVolumeClaim and lacks a VolumeSnapshotClass. The root cause is a NULL pointer dereference which can cause the snapshot-controller to crash and, after ...