Assigner | redhat
Reserved | 2024-02-21
Published | 2024-03-07
Updated | 2024-05-08
Description
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Problem types
Product status
v4.13.0-202404200313.p0.g9d909f7.assembly.stream.el8 before *
v4.14.0-202404161544.p0.g48fafc4.assembly.stream.el8 before *
v4.15.0-202403220332.p0.gd3bdbce.assembly.stream.el8 before *
Timeline
2024-02-19 | Reported to Red Hat.
2024-03-06 | Made public.
References
https://access.redhat.com/errata/RHSA-2024:1559 (RHSA-2024:1559)
https://access.redhat.com/errata/RHSA-2024:1891 (RHSA-2024:1891)
https://access.redhat.com/errata/RHSA-2024:2047 (RHSA-2024:2047)
https://access.redhat.com/security/cve/CVE-2024-1725
https://bugzilla.redhat.com/show_bug.cgi?id=2265398 (RHBZ#2265398)