Description:
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
See doc/triage.md for instructions on how to triage this report.
modules:
  - module: github.com/kubevirt/kubevirt
    packages:
      - package: Kubevirt
description: |
    A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
cves:
  - CVE-2022-1798
credit: "Oliver Brooks and James Klopchic of NCC Group\tDiane Dubois and Roman Mohr
    of Google"
references:
  - web: https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364
CVE-2022-1798 references github.com/kubevirt/kubevirt, which may be a Go module.