Vulnerabilities > Kubevirt
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-15 | CVE-2023-26484 | Incorrect Authorization vulnerability in Kubevirt KubeVirt is a virtual machine management add-on for Kubernetes. | 8.2 |
| 2021-05-27 | CVE-2020-1701 | Incorrect Permission Assignment for Critical Resource vulnerability in Kubevirt A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. | 4.0 |
| 2020-07-29 | CVE-2020-14316 | Improper Privilege Management vulnerability in multiple products A flaw was found in kubevirt 0.29 and earlier. | 6.5 |
| 2019-06-28 | CVE-2019-10175 | Improper Access Control vulnerability in Kubevirt Containerized-Data-Importer 1.4.0 A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. | 4.0 |
| 2019-03-25 | CVE-2019-3841 | Improper Certificate Validation vulnerability in Kubevirt Containerized Data Importer Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. | 4.9 |