Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04MjhyLXIyYzgtcmZ3M84AA7Sl
Privilege Escalation in kubevirt
A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any file on the system where the VMI is running. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Permalink: https://github.com/advisories/GHSA-828r-r2c8-rfw3JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04MjhyLXIyYzgtcmZ3M84AA7Sl
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 7 months ago
Updated: 7 months ago
CVSS Score: 10.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Identifiers: GHSA-828r-r2c8-rfw3, CVE-2020-14316
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-14316
- https://github.com/kubevirt/kubevirt/pull/3686
- https://bugzilla.redhat.com/show_bug.cgi?id=1848951
- https://github.com/advisories/GHSA-828r-r2c8-rfw3
Blast Radius: 16.3
Affected Packages
go:kubevirt.io/kubevirt
Dependent packages: 35Dependent repositories: 43
Downloads:
Affected Version Ranges: < 0.30.0
Fixed in: 0.30.0
All affected versions: 0.0.2, 0.0.3, 0.0.4, 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.5.0, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.7.0, 0.8.0, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.10.0, 0.11.0, 0.11.1, 0.12.0, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.13.4, 0.13.5, 0.13.6, 0.13.7, 0.14.0, 0.15.0, 0.16.0, 0.16.1, 0.16.2, 0.16.3, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.18.0, 0.18.1, 0.19.0, 0.20.0, 0.20.1, 0.20.2, 0.20.3, 0.20.4, 0.20.5, 0.20.6, 0.20.7, 0.20.8, 0.21.0, 0.22.0, 0.23.0, 0.23.1, 0.23.2, 0.23.3, 0.24.0, 0.25.0, 0.26.0, 0.26.1, 0.26.2, 0.26.3, 0.26.4, 0.26.5, 0.27.0, 0.28.0, 0.29.0, 0.29.1, 0.29.2
All unaffected versions: 0.30.0, 0.30.1, 0.30.2, 0.30.3, 0.30.4, 0.30.5, 0.30.6, 0.30.7, 0.31.0, 0.32.0, 0.33.0, 0.34.0, 0.34.1, 0.34.2, 0.35.0, 0.36.0, 0.36.1, 0.36.2, 0.36.3, 0.36.4, 0.36.5, 0.37.0, 0.37.1, 0.37.2, 0.37.3, 0.38.0, 0.38.1, 0.38.2, 0.39.0, 0.39.1, 0.39.2, 0.40.0, 0.40.1, 0.41.0, 0.41.1, 0.41.2, 0.41.3, 0.41.4, 0.42.0, 0.42.1, 0.42.2, 0.43.0, 0.43.1, 0.44.0, 0.44.1, 0.44.2, 0.44.3, 0.45.0, 0.45.1, 0.46.0, 0.46.1, 0.47.0, 0.47.1, 0.48.0, 0.48.1, 0.49.0, 0.49.1, 0.50.0, 0.51.0, 0.52.0, 0.53.0, 0.53.1, 0.53.2, 0.54.0, 0.55.0, 0.55.1, 0.55.2, 0.56.0, 0.56.1, 0.57.0, 0.57.1, 0.58.0, 0.58.1, 0.58.2, 0.59.0, 0.59.1, 0.59.2, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1