CVE-2020-14316

EPSS 0.39%
Veröffentlicht 29.07.2020 19:15:14
Zuletzt bearbeitet 21.11.2024 05:02:59
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any file on the system where the VMI is running. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kubevirt ≫ Kubevirt SwPlatformkubernetes Version <= 0.29

Redhat ≫ Openshift Virtualization Version1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.594

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

https://bugzilla.redhat.com/show_bug.cgi?id=1848951

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-14316

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14316

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14316

EUVD