Vulnerabilities > Kubevirt > Containerized Data Importer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-28 | CVE-2019-10175 | Missing Authorization vulnerability in Kubevirt Containerized-Data-Importer 1.4.0 A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. | 6.5 |
| 2019-03-25 | CVE-2019-3841 | Improper Certificate Validation vulnerability in Kubevirt Containerized Data Importer Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. | 6.8 |