4 matches found
CVE-2026-9804
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...
CVE-2026-9804
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link symlink within an exported filesystem Persistent Volume Claim PVC that points...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the virt-exportserver process. An attacker can access sensitive files from the exporter pod's filesystem by placing a symbolic link within an exported filesystem Persistent Volume Claim PVC that points outside its...
PT-2024-40979 · Unknown +1 · Virt-Exportserver-Container +9
Name of the Vulnerable Software and Affected Versions: kubevirt versions prior to 1.1.1 virt-api-container versions prior to 1.1.1 virt-controller-container versions prior to 1.1.1 virt-exportproxy-container versions prior to 1.1.1 virt-exportserver-container versions prior to 1.1.1...