
5 matches found

Snyk
added 2025/11/07 11:46 p.m., 2 views

Incorrect Default Permissions

Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions due to excessive permissions granted to the virt-handler service account. An attacker can initiate unauthorized migrations of virtual machine instances to attacker-controlled nodes or mark all nodes as...

CVSS 6.9, AI score 5.5, EPSS 0.00231
Exploits: 1, References: 2
RedhatCVE
added 2023/03/20 4:13 a.m., 42 views

CVE-2023-26484

A flaw was found in the Kubevirt package. KubeVirt could allow a remote authenticated attacker to bypass security restrictions caused by improper authorization validation. An attacker can modify all node specs by sending a specially-crafted request using the virt-handler service account...

CVSS 8.2, AI score 7.6, EPSS 0.00611
Exploits: 0, References: 5
Github Security Blog
added 2023/03/16 4:4 p.m., 39 views

On a compromised node, the virt-handler service account can be used to modify all node specs

Impact: If a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can for instance read all secrets on t...

CVSS 8.2, AI score 7.7, EPSS 0.00611
Exploits: 0, References: 4, Affected Software: 1
Prion
added 2023/03/15 9:15 p.m., 16 views

Code injection

KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to...

CVSS 3.6, AI score 7.9, EPSS 0.00611
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2023/03/15 8:40 p.m., 7 views

CVE-2023-26484: On a compromised KubeVirt node, the virt-handler service account can be used to modify all node specs

KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to...

CVSS 8.2, AI score 7.9, EPSS 0.00611
Exploits: 0, References: 2