Kubevirt

Kubevirt

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.7

CVE-2025-64324

Exploit
  • EPSS 0.01%
  • Veröffentlicht 18.11.2025 22:10:19
  • Zuletzt bearbeitet 25.11.2025 17:16:59

KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of thi...

6.5

CVE-2025-64433

Exploit
  • EPSS 0.06%
  • Veröffentlicht 07.11.2025 23:07:31
  • Zuletzt bearbeitet 25.11.2025 16:49:00

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handlin...

5

CVE-2025-64437

Exploit
  • EPSS 0.03%
  • Veröffentlicht 07.11.2025 23:04:10
  • Zuletzt bearbeitet 25.11.2025 17:16:45

KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the...

5.3

CVE-2025-64436

Exploit
  • EPSS 0.04%
  • Veröffentlicht 07.11.2025 22:59:47
  • Zuletzt bearbeitet 25.11.2025 17:17:28

KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5.0 and earlier, the permissions granted to the virt-handler service account, such as the ability to update VMI and patch nodes, could be abused to force a VMI migration to an attac...

5.3

CVE-2025-64435

Exploit
  • EPSS 0.05%
  • Veröffentlicht 07.11.2025 22:57:02
  • Zuletzt bearbeitet 25.11.2025 17:15:44

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-laun...

6.3

CVE-2025-64434

Exploit
  • EPSS 0.01%
  • Veröffentlicht 07.11.2025 22:54:04
  • Zuletzt bearbeitet 25.11.2025 17:05:28

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, due to the peer verification logic in virt-handler (via verifyPeerCert), an attacker who compromises a virt-handler instance, could exploit these shared credent...

4.7

CVE-2025-64432

Exploit
  • EPSS 0.01%
  • Veröffentlicht 07.11.2025 18:38:33
  • Zuletzt bearbeitet 25.11.2025 15:56:30

KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It was discove...

5.9

CVE-2024-33394

  • EPSS 0.04%
  • Veröffentlicht 02.05.2024 18:15:07
  • Zuletzt bearbeitet 07.07.2025 15:40:23

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

8.2

CVE-2023-26484

  • EPSS 0.31%
  • Veröffentlicht 15.03.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 07:51:36

KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used ...

6.5

CVE-2022-1798

Exploit
  • EPSS 0.03%
  • Veröffentlicht 15.09.2022 16:15:10
  • Zuletzt bearbeitet 21.11.2024 06:41:29

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or ...