Vulnerabilities > Kubevirt

DATE CVE VULNERABILITY TITLE RISK
2023-03-15 CVE-2023-26484 Unspecified vulnerability in Kubevirt
KubeVirt is a virtual machine management add-on for Kubernetes.
network
high complexity
kubevirt
8.2
2022-09-15 CVE-2022-1798 Path Traversal vulnerability in Kubevirt
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107.
local
low complexity
kubevirt CWE-22
6.5
2021-05-27 CVE-2020-1701 Unspecified vulnerability in Kubevirt
A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler.
network
low complexity
kubevirt
6.5
2020-07-29 CVE-2020-14316 A flaw was found in kubevirt 0.29 and earlier.
network
low complexity
kubevirt redhat
critical
9.9
2019-06-28 CVE-2019-10175 Missing Authorization vulnerability in Kubevirt Containerized-Data-Importer 1.4.0
A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace.
network
low complexity
kubevirt CWE-862
6.5
2019-03-25 CVE-2019-3841 Improper Certificate Validation vulnerability in Kubevirt Containerized Data Importer
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries.
network
high complexity
kubevirt CWE-295
6.8