The KubeVirt API is affected by an arbitrary file read vulnerability. It is possible to use the KubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.
This issue has been addressed in the following products: RHEL-8-CNV-4.10, via RHSA-2022:6351 https://access.redhat.com/errata/RHSA-2022:6351
This issue has been addressed in the following products: RHEL-8-CNV-4.11, via RHSA-2022:6526 https://access.redhat.com/errata/RHSA-2022:6526
This issue has been addressed in the following products: RHEL-8-CNV-4.9, via RHSA-2022:6681 https://access.redhat.com/errata/RHSA-2022:6681
This issue has been addressed in the following products: RHEL-8-CNV-4.8, via RHSA-2022:6890 https://access.redhat.com/errata/RHSA-2022:6890
This issue has been addressed in the following products: RHEL-8-CNV-4.12, via RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-1798