Vulnerabilities > Kubevirt
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-15 | CVE-2023-26484 | Incorrect Authorization vulnerability in Kubevirt KubeVirt is a virtual machine management add-on for Kubernetes. | 8.2 |
| 2022-09-15 | CVE-2022-1798 | Path Traversal vulnerability in Kubevirt A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. | 6.5 |
| 2021-05-27 | CVE-2020-1701 | Incorrect Permission Assignment for Critical Resource vulnerability in Kubevirt A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. | 6.5 |
| 2020-07-29 | CVE-2020-14316 | A flaw was found in kubevirt 0.29 and earlier. | 9.9 |
| 2019-06-28 | CVE-2019-10175 | Missing Authorization vulnerability in Kubevirt Containerized-Data-Importer 1.4.0 A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. | 6.5 |
| 2019-03-25 | CVE-2019-3841 | Improper Certificate Validation vulnerability in Kubevirt Containerized Data Importer Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. | 6.8 |