A flaw was found in the kubevirt main virt-handler. Due to the access permissions of virt-handler an attacker with access to create vms could attach any secret within their namespace. This would allow them to read the contents of that secret.
This issue can only be resolved by applying updates.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.